CVE-2025-4920 – Mozilla Firefox Promise Object Out-of-Bounds Read/Write Vulnerability

May 17, 2025

CVE ID : CVE-2025-4920

Published : May 17, 2025, 10:15 p.m. | 2 hours, 31 minutes ago

Description : An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4921 – Firefox JavaScript Out-of-Bounds Access Vulnerability

Next Article CVE-2025-4919 – Mozilla Firefox Out-of-Bounds JavaScript Vulnerability

Highlights

CVE-2025-22235 – Spring Security Endpoint Request Denial of Service (DoS)

April 28, 2025

CVE ID : CVE-2025-22235

Published : April 28, 2025, 8:15 a.m. | 4 hours, 14 minutes ago

Description : EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed.

Your application may be affected by this if all the following conditions are met:

* You use Spring Security
* EndpointRequest.to() has been used in a Spring Security chain configuration
* The endpoint which EndpointRequest references is disabled or not exposed via web
* Your application handles requests to /null and this path needs protection

You are not affected if any of the following is true:

* You don’t use Spring Security
* You don’t use EndpointRequest.to()
* The endpoint which EndpointRequest.to() refers to is enabled and is exposed
* Your application does not handle requests to /null or this path does not need protection

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

14 secret phone codes that unlock hidden features on your Android and iPhone

Stop using AI for these 9 work tasks – here’s why

A smart sensor assessed my home’s risk of electrical fires, and I was impressed

I brought Samsung’s rugged Galaxy tablet on a hiking trip, and it weathered everything

AI’s Hidden Thirst: The Water Behind Tech

AI’s Hidden Thirst: The Water Behind Tech

Minesweeper game in 100 lines of pure JavaScript – easy tutorial

Maintaining Data Consistency with Laravel Database Transactions

5 Best VPN for Lenovo Laptops to Enjoy the Web Safely

5 Best VPN for Lenovo Laptops to Enjoy the Web Safely

3 Best Antivirus and Malware Protection Software

11 Best Antivirus Without Ads

CVE-2025-4920 – Mozilla Firefox Promise Object Out-of-Bounds Read/Write Vulnerability

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware

ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure

CVE-2025-46825 – Kanboard Stored Cross-Site Scripting (XSS) Vulnerability

openVidu is a platform to develop WebRTC real-time applications

CVE-2025-52555 – Ceph File System Root Privilege Escalation

Is DeepSeek AI a “profound threat” to U.S. national security? A report suggests the Chinese startup unlawfully stole OpenAI’s data, too.

CVE-2025-22235 – Spring Security Endpoint Request Denial of Service (DoS)

New Linux Security Flaw Can Bypass Disk Encryption

CVE-2025-4557 – ZONG YU Parking Management System Missing Authentication Vulnerability

CVE-2025-3962 – Withstars Books-Management-System Cross-Site Scripting Vulnerability

CVE-2025-4920 – Mozilla Firefox Promise Object Out-of-Bounds Read/Write Vulnerability

Related Posts