Security Advisory

CVE-2025-4087

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-29 13:13:42

Last updated 2026-04-13 14:27:21

Assigner mozilla

State PUBLISHED

Description

A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Thunderbird 138, and Thunderbird 128.10.

← Browse all CVEs View on cve.org ↗