Key Vulnerability Information

Security Advisory

Advisory ID: Mozilla Foundation Security Advisory 2025-37
Announced: May 17, 2025
Impact: Critical
Product: Firefox ESR
Fixed in: Firefox ESR 128.10.1

Vulnerability Details

CVE-2025-4920: Out-of-bounds access when resolving Promise objects
Reporter: Edouard Bochon and Tao Yan from Palo Alto Networks working with Trend Micro's Zero Day Initiative
Impact: Critical
Description: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object.
Reference: Bug 1966612

CVE-2025-4921: Out-of-bounds access when optimizing linear sums
Reporter: Manfred Paul working with Trend Micro's Zero Day Initiative
Impact: Critical
Description: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes.
Reference: Bug 1966614