CVE-2025-4919 – Mozilla Firefox Out-of-Bounds JavaScript Vulnerability

May 17, 2025

CVE ID : CVE-2025-4919

Published : May 17, 2025, 10:15 p.m. | 2 hours, 31 minutes ago

Description : An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox ESR
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4920 – Mozilla Firefox Promise Object Out-of-Bounds Read/Write Vulnerability

Next Article CVE-2025-4839 – Itwanger Paicoding Cross-Domain Policy Vulnerability

Highlights

CVE-2025-43857 – Net::IMAP Denial of Service Memory Exhaustion Vulnerability

April 28, 2025

CVE ID : CVE-2025-43857

Published : April 28, 2025, 4:15 p.m. | 2 hours, 50 minutes ago

Description : Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a malicious server can send can send a “literal” byte count, which is automatically read by the client’s receiver thread. The response reader immediately allocates memory for the number of bytes indicated by the server response. This should not be an issue when securely connecting to trusted IMAP servers that are well-behaved. It can affect insecure connections and buggy, untrusted, or compromised servers (for example, connecting to a user supplied hostname). This issue has been patched in versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-4919 – Mozilla Firefox Out-of-Bounds JavaScript Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

CVE-2025-6869 – SourceCodester Simple Company Website SQL Injection Vulnerability

Fighting osteoporosis before it starts

CVE-2025-54073 – Microsoft MCP Package Docs Command Injection Vulnerability

CVE-2024-48906 – Sematell ReplyOne Cross-Site Scripting Vulnerability

CVE-2025-43857 – Net::IMAP Denial of Service Memory Exhaustion Vulnerability

Top FMovies Alternatives: 2025 List to Stream Movies & Shows

CVE-2025-1631 – CVE-2019-0708: Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability

Overwatch 2 joins up with Street Fighter 6 in this dream-come-true collaboration

CVE-2025-4919 – Mozilla Firefox Out-of-Bounds JavaScript Vulnerability

Related Posts