News

Firefox 138.0.4 available

The update fixes two critical security vulnerabilities.

May 19, 2025 David Fischer

Firefox 138.0.4, as well as 128.10.1 ESR and 115.23.1 ESR are available as updates. Each update fixes two critical security vulnerabilities.

Mozilla released a security update for Firefox 138, 128 ESR, and 115 ESR last night. Versions 138.0.4, 128.10.1 ESR, and 115.23.1 ESR each close two critical vulnerabilities CVE-2025-4920 and CVE-2025-4921. Both affect JavaScript:

CVE-2025-4918: Out-of-bounds access when resolving Promise objects An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object.
CVE-2025-4919: Out-of-bounds access when optimizing linear sums An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes.

According to the release notes, no further changes were made. The update itself should already be distributed via the browser's update function.

About Author

David Fischer

I am a technology writer for UpdateStar, covering software, security, and privacy as well as research and innovation in information security. I worked as an editor for German computer magazines for more than a decade before starting to be a team member at UpdateStar.

About Author

David Fischer

Next Article

Thunderbird 138.0.2 available

Previous Article

Lock, Load, and Backup: Windows Software Champions of 2025

Related Articles

More from Author

Latest Articles