CVE-2025-1933
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/03/2025
Last modified:
03/04/2025
Description
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox
Impact
Base Score 3.x
7.60
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* | 115.21.0 (excluding) | |
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* | 136.0 (excluding) | |
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* | 116.0 (including) | 128.8.0 (excluding) |
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* | 128.8 (excluding) | |
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* | 129.0 (including) | 136.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://bugzilla.mozilla.org/show_bug.cgi?id=1946004
- https://www.mozilla.org/security/advisories/mfsa2025-14/
- https://www.mozilla.org/security/advisories/mfsa2025-15/
- https://www.mozilla.org/security/advisories/mfsa2025-16/
- https://www.mozilla.org/security/advisories/mfsa2025-17/
- https://www.mozilla.org/security/advisories/mfsa2025-18/