News

Firefox 138.0.4 available

The update fixes two critical security vulnerabilities.

May 19, 2025
David Fischer

Firefox 138.0.4, as well as 128.10.1 ESR and 115.23.1 ESR are available as updates. Each update fixes two critical security vulnerabilities.

Mozilla released a security update for Firefox 138, 128 ESR, and 115 ESR last night. Versions 138.0.4, 128.10.1 ESR, and 115.23.1 ESR each close two critical vulnerabilities CVE-2025-4920 and CVE-2025-4921. Both affect JavaScript:

CVE-2025-4918: Out-of-bounds access when resolving Promise objects An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object.
CVE-2025-4919: Out-of-bounds access when optimizing linear sums An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes.

According to the release notes, no further changes were made. The update itself should already be distributed via the browser's update function.

about author

David Fischer

I am a technology writer for UpdateStar, covering software, security, and privacy as well as research and innovation in information security. I worked as an editor for German computer magazines for more than a decade before starting to be a team member at UpdateStar.

Firefox 138.0.4 available

about author

David Fischer

Try a free UpdateStar Pack to get a basic software setup for Windows

Google Chrome 137.0.7151.119 / .120 with 3 security fixes and Extended Stable 136.0.7103.177

VPN Trends in 2025: Advanced Privacy Features and Decentralization

Fun Fact: There Is Always One Security Vendor Who Thinks UpdateStar.com Is Suspicious

Multi-channel proxy client 1.0

Microsoft .NET SDK (x64) 9.3.125.26904

Microsoft 365 16.0.18925.20064

Microsoft Windows Desktop Runtime 8.0.17.34917

Proxy verify tool 1.0

Firefox 138.0.4 available

about author

Related Articles

More from Author