CVE-2025-4082 WebGL shader attribute memory corruption in Thunderbird for macOS

🗓️ 29 Apr 2025 13:13:35Reported by mozillaType

WebGL shader modification in Firefox for macOS allows out-of-bounds read and privilege escalation.

Reporter	Title	Published	Views	Family All 126
AlpineLinux	CVE-2025-4082	29 Apr 202514:15	–	alpinelinux
Circl	CVE-2025-4082	29 Apr 202515:50	–	circl
CNNVD	Mozilla Firefox 安全漏洞	29 Apr 202500:00	–	cnnvd
CVE	CVE-2025-4082	29 Apr 202513:13	–	cve
Debian	[SECURITY] [DLA 4167-1] thunderbird security update	19 May 202512:33	–	debian
Debian CVE	CVE-2025-4082	29 Apr 202513:13	–	debiancve
Tenable Nessus	Debian dla-4167 : thunderbird - security update	19 May 202500:00	–	nessus
Tenable Nessus	Fedora 41 : thunderbird (2025-23fe8c5b7e)	7 May 202500:00	–	nessus
Tenable Nessus	Fedora 41 : firefox (2025-33d579ecb1)	7 May 202500:00	–	nessus
Tenable Nessus	Fedora 40 : thunderbird (2025-6e3f18b2c0)	9 May 202500:00	–	nessus

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "115.23",
        "lessThanOrEqual": "115.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "128.10",
        "lessThanOrEqual": "128.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "138",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "128.10",
        "lessThanOrEqual": "128.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "138",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  }
]

Source	Link
mozilla	www.mozilla.org/security/advisories/mfsa2025-31/
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi
mozilla	www.mozilla.org/security/advisories/mfsa2025-30/
mozilla	www.mozilla.org/security/advisories/mfsa2025-32/
mozilla	www.mozilla.org/security/advisories/mfsa2025-29/
mozilla	www.mozilla.org/security/advisories/mfsa2025-28/

13 Apr 2026 14:27Current

EPSS0.00178