Mozilla Products May 2025 1st Security Update Advisory
Overview
An update has been made available to address vulnerabilities in Mozilla products (Firefox and Firefox ESR). Users of affected products are advised to update to the latest version.
Affected Products
Firefox 138.0.4 and earlier
Firefox ESR 115.23.1 and earlier
Firefox ESR 128.10.1 and earlier
Resolved Vulnerabilities
Out-of-bounds access vulnerability in Firefox ESR when resolving a Promise object (CVE-2025-4918) [1]
Out-of-bounds access vulnerability in Firefox ESR when optimizing linear sums (CVE-2025-4919) [1]
Severe-level out-of-bounds access vulnerability in Firefox and Firefox ESR when resolving a Promise object (CVE-2025-4920) [2], [3]
High-severity out-of-bounds access vulnerability in Firefox and Firefox ESR when optimizing linear sums (CVE-2025-4921) [2], [3]
Vulnerability Patches
The following patched versions were made available in the May 17, 2025 update. For more information on the patches, refer to the Mozilla advisories listed under Referenced Sites.
Firefox ESR 115.23.1
Firefox ESR 128.10.1
Firefox 138.0.4
Referenced Sites
[1] Security Vulnerabilities fixed in Firefox ESR 115.23.1
https://www.mozilla.org/en-US/security/advisories/mfsa2025-38/
[2] Security Vulnerabilities fixed in Firefox ESR 128.10.1
https://www.mozilla.org/en-US/security/advisories/mfsa2025-37/
[3] Security Vulnerabilities fixed in Firefox 138.0.4
https://www.mozilla.org/en-US/security/advisories/mfsa2025-36/
[4] Update Firefox to the latest release
https://support.mozilla.org/ko/kb/update-firefox-latest-release