News

Firefox 138.0.4 available

The update fixes two critical security vulnerabilities.

May 19, 2025
David Fischer

Firefox 138.0.4, as well as 128.10.1 ESR and 115.23.1 ESR are available as updates. Each update fixes two critical security vulnerabilities.

Mozilla released a security update for Firefox 138, 128 ESR, and 115 ESR last night. Versions 138.0.4, 128.10.1 ESR, and 115.23.1 ESR each close two critical vulnerabilities CVE-2025-4920 and CVE-2025-4921. Both affect JavaScript:

CVE-2025-4918: Out-of-bounds access when resolving Promise objects An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object.
CVE-2025-4919: Out-of-bounds access when optimizing linear sums An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes.

According to the release notes, no further changes were made. The update itself should already be distributed via the browser's update function.

about author

David Fischer

I am a technology writer for UpdateStar, covering software, security, and privacy as well as research and innovation in information security. I worked as an editor for German computer magazines for more than a decade before starting to be a team member at UpdateStar.

Firefox 138.0.4 available

about author

David Fischer

Google Chrome 138.0.7204.157 / .158 available

Thunderbird 140.0.1 available

Why Streisand App is the Ultimate Travel Hack for Jetsetters in 2025

7-Zip 25.00 available

Cameraman Monster Coloring 1.0

Bem-Me-Ker 20.0.6

Kitab Akhlaq 1.0

E-HealthCard HP(Mukhya Mantri 1.3.30

TikFollowers Get Likes Avatar 1.1.2

Firefox 138.0.4 available

about author

Related Articles

More from Author