CVE-2025-4918: firefox: thunderbird: Out-of-bounds access when resolving Promise objects

Severity: Critical

CVSS Score: 9.8

An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.