CVE-2025-4087 - Vulnerability Details

A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Mozilla	Firefox Thunderbird
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox:::::esr:::*
	cpe:2.3:a:mozilla:firefox:::::-:::*
	cpe:2.3:a:mozilla:thunderbird:::::esr:::*
	cpe:2.3:a:mozilla:thunderbird:::::-:::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 10
firefox-0:128.10.0-1.el10_0	cpe:/o:redhat:enterprise_linux:10.0	RHSA-2025:7506	2025-05-13T00:00:00Z
thunderbird-0:128.10.0-1.el10_0	cpe:/o:redhat:enterprise_linux:10.0	RHSA-2025:7507	2025-05-13T00:00:00Z
Red Hat Enterprise Linux 7 Extended Lifecycle Support
firefox-0:128.10.0-1.el7_9	cpe:/o:redhat:rhel_els:7	RHSA-2025:4751	2025-05-08T00:00:00Z
Red Hat Enterprise Linux 8
firefox-0:128.10.0-1.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:4458	2025-05-05T00:00:00Z
thunderbird-0:128.10.0-1.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:4797	2025-05-12T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
firefox-0:128.10.0-1.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:7547	2025-05-14T00:00:00Z
thunderbird-0:128.10.0-1.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:7693	2025-05-15T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
firefox-0:128.10.0-1.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:7545	2025-05-14T00:00:00Z
thunderbird-0:128.10.0-1.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:7691	2025-05-15T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
firefox-0:128.10.0-1.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2025:7545	2025-05-14T00:00:00Z
thunderbird-0:128.10.0-1.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2025:7691	2025-05-15T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
firefox-0:128.10.0-1.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2025:7545	2025-05-14T00:00:00Z
thunderbird-0:128.10.0-1.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2025:7691	2025-05-15T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
firefox-0:128.10.0-1.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:7544	2025-05-14T00:00:00Z
thunderbird-0:128.10.0-1.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:7690	2025-05-15T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
firefox-0:128.10.0-1.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:7544	2025-05-14T00:00:00Z
thunderbird-0:128.10.0-1.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:7690	2025-05-15T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
firefox-0:128.10.0-1.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:7544	2025-05-14T00:00:00Z
thunderbird-0:128.10.0-1.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:7690	2025-05-15T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
firefox-0:128.10.0-1.el8_8	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:7543	2025-05-14T00:00:00Z
thunderbird-0:128.10.0-1.el8_8	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:7689	2025-05-15T00:00:00Z
Red Hat Enterprise Linux 9
firefox-0:128.10.0-1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:4443	2025-05-05T00:00:00Z
thunderbird-0:128.10.0-1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:4460	2025-05-05T00:00:00Z
firefox-0:128.10.0-1.el9_6	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:7428	2025-05-13T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
firefox-0:128.10.0-1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:4753	2025-05-08T00:00:00Z
thunderbird-0:128.10.0-1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:7692	2025-05-15T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
firefox-0:128.10.0-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:4752	2025-05-08T00:00:00Z
thunderbird-0:128.10.0-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:7694	2025-05-15T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
firefox-0:128.10.0-1.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:4756	2025-05-08T00:00:00Z
thunderbird-0:128.10.0-1.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:7695	2025-05-15T00:00:00Z

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1952465
https://nvd.nist.gov/vuln/detail/CVE-2025-4087
https://www.cve.org/CVERecord?id=CVE-2025-4087
https://www.mozilla.org/security/advisories/mfsa2025-28/
https://www.mozilla.org/security/advisories/mfsa2025-29/
https://www.mozilla.org/security/advisories/mfsa2025-31/
https://www.mozilla.org/security/advisories/mfsa2025-32/

History

Wed, 14 May 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_aus:8.2 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6
Vendors & Products		Redhat rhel Aus Redhat rhel Tus

Wed, 14 May 2025 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10.0

Sat, 10 May 2025 03:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:9.4

Fri, 09 May 2025 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla Mozilla firefox Mozilla thunderbird
CPEs		cpe:2.3:a:mozilla:firefox:::::-:::* cpe:2.3:a:mozilla:firefox:::::esr:::* cpe:2.3:a:mozilla:thunderbird:::::-:::* cpe:2.3:a:mozilla:thunderbird:::::esr:::*
Vendors & Products		Mozilla Mozilla firefox Mozilla thunderbird

Fri, 09 May 2025 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s Redhat rhel Els Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:9.2 cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel E4s Redhat rhel Els Redhat rhel Eus

Mon, 05 May 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Thu, 01 May 2025 14:30:00 +0000

Type	Values Removed	Values Added
Description	A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10.	A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10.

Thu, 01 May 2025 02:45:00 +0000

Type	Values Removed	Values Added
Title		firefox: thunderbird: Unsafe attribute access during XPath parsing
References		https://nvd.nist.gov/vuln/detail/CVE-2025-4087 https://www.cve.org/CVERecord?id=CVE-2025-4087
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 29 Apr 2025 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 29 Apr 2025 13:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10.
References		https://bugzilla.mozilla.org/show_bug.cgi?id=1952465 https://www.mozilla.org/security/advisories/mfsa2025-28/ https://www.mozilla.org/security/advisories/mfsa2025-29/ https://www.mozilla.org/security/advisories/mfsa2025-31/ https://www.mozilla.org/security/advisories/mfsa2025-32/

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2025-04-29T13:13:42.302Z

Updated: 2025-05-01T14:22:02.858Z

Reserved: 2025-04-29T13:13:41.617Z

Link: CVE-2025-4087

Vulnrichment

Updated: 2025-04-29T15:52:15.821Z

NVD

Status : Analyzed

Published: 2025-04-29T14:15:35.357

Modified: 2025-05-09T19:33:14.030

Link: CVE-2025-4087

Redhat

Severity : Moderate

Publid Date: 2025-04-29T13:13:42Z

Links: CVE-2025-4087 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4087", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-04-29T13:13:41.617Z", "datePublished": "2025-04-29T13:13:42.302Z", "dateUpdated": "2025-05-01T14:22:02.858Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "138", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "128.10", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "138", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "128.10", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10."}]}], "problemTypes": [{"descriptions": [{"description": "Unsafe attribute access during XPath parsing", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1952465"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-29/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-32/"}], "credits": [{"lang": "en", "value": "Ivan Fratric"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2025-05-01T14:22:02.858Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-29T15:51:33.871165Z", "id": "CVE-2025-4087", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-29T15:53:18.803Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-4087", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-29T15:51:33.871165Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-29T15:52:15.821Z"}}], "cna": {"credits": [{"lang": "en", "value": "Ivan Fratric"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "138", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "128.10", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "138", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "128.10", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1952465"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-29/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-32/"}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Unsafe attribute access during XPath parsing"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2025-05-01T14:22:02.858Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4087", "state": "PUBLISHED", "dateUpdated": "2025-05-01T14:22:02.858Z", "dateReserved": "2025-04-29T13:13:41.617Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-04-29T13:13:42.302Z", "assignerShortName": "mozilla"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "3378E5EE-9ABF-444B-AA88-9EAF8D8058DE", "versionEndExcluding": "128.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "EB8A8C7B-B65D-4DF5-BDB5-0C3C4E2DB72C", "versionEndExcluding": "138.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "matchCriteriaId": "DC19822B-CC07-4C6F-BAAD-C7A9C4E73FA9", "versionEndExcluding": "128.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "matchCriteriaId": "D1E8CCF1-4E91-44CC-A652-B23D1337A485", "versionEndExcluding": "138.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad en Firefox donde el an\u00e1lisis de XPath pod\u00eda generar un comportamiento indefinido debido a la omisi\u00f3n de comprobaciones nulas durante el acceso a atributos. Esto podr\u00eda provocar accesos de lectura fuera de los l\u00edmites y, potencialmente, corrupci\u00f3n de memoria. Esta vulnerabilidad afecta a Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138 y Thunderbird ESR < 128.10."}], "id": "CVE-2025-4087", "lastModified": "2025-05-09T19:33:14.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-04-29T14:15:35.357", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1952465"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-28/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-29/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-31/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-32/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:7506", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "firefox-0:128.10.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:7507", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "thunderbird-0:128.10.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:4751", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "firefox-0:128.10.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:4458", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:128.10.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-05-05T00:00:00Z"}, {"advisory": "RHSA-2025:4797", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:128.10.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-05-12T00:00:00Z"}, {"advisory": "RHSA-2025:7547", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:128.10.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7693", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:128.10.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7545", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7691", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7545", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "firefox-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7691", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7545", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "firefox-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7691", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7544", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "firefox-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7690", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "thunderbird-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7544", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "firefox-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7690", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7544", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "firefox-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7690", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "thunderbird-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7543", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "firefox-0:128.10.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7689", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "thunderbird-0:128.10.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:4443", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.10.0-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-05T00:00:00Z"}, {"advisory": "RHSA-2025:4460", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:128.10.0-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-05T00:00:00Z"}, {"advisory": "RHSA-2025:7428", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.10.0-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:4753", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "firefox-0:128.10.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:7692", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:128.10.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:4752", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "firefox-0:128.10.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:7694", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "thunderbird-0:128.10.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:4756", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "firefox-0:128.10.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:7695", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "thunderbird-0:128.10.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-05-15T00:00:00Z"}], "bugzilla": {"description": "firefox: thunderbird: Unsafe attribute access during XPath parsing", "id": "2362904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362904"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10.", "A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption."], "name": "CVE-2025-4087", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-29T13:13:42Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-4087\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4087\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1952465\nhttps://www.mozilla.org/security/advisories/mfsa2025-28/\nhttps://www.mozilla.org/security/advisories/mfsa2025-29/\nhttps://www.mozilla.org/security/advisories/mfsa2025-31/\nhttps://www.mozilla.org/security/advisories/mfsa2025-32/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object