Description
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
Published: 2025-03-04
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption / Potential Code Execution
Action: Immediate Update
AI Analysis

Impact

The vulnerability arises when the just‑in‑time compiler for WebAssembly on 64‑bit CPUs wrongly reuses bits from overwritten memory when compiling i32 return values. This can lead to a type confusion that potentially makes a value appear as a different type, creating a memory corruption condition. The impact can compromise confidentiality, integrity, or availability if an attacker manages to trigger the faulty JIT execution flow.

Affected Systems

The flaw affects Mozilla Firefox on all releases up to 135, including ESR 115.20 and ESR 128.7, and Mozilla Thunderbird on all releases up to 135, including ESR 128.7. The vulnerability is removed in Firefox 136, ESR 115.21, and ESR 128.8, as well as in Thunderbird 136 and ESR 128.8. The issue applies to 64‑bit architectures running these browsers. Red Hat Enterprise Linux is listed as a potential host for affected binaries.

Risk and Exploitability

The CVSS score of 7.6 indicates a high severity. The EPSS score is below 1 %, suggesting a very low probability of exploitation at the time of analysis. The issue is not listed in the CISA KEV catalog. The likely attack vector would involve an attacker delivering malicious WebAssembly code that triggers the JIT compiler error, though the exact exploitation details are not disclosed.

Generated by OpenCVE AI on April 20, 2026 at 23:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Firefox to version 136 or newer, or to ESR 115.21 or 128.8, whenever possible.
  • Upgrade Thunderbird to version 136 or newer, or to ESR 128.8.
  • If an upgrade cannot be applied immediately, consider adding a system‑wide policy to block or sandbox execution of WebAssembly modules until a patched version is available.

Generated by OpenCVE AI on April 20, 2026 at 23:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4078-1 firefox-esr security update
Debian DLA Debian DLA DLA-4081-1 thunderbird security update
Debian DSA Debian DSA DSA-5874-1 firefox-esr security update
Debian DSA Debian DSA DSA-5876-1 thunderbird security update
EUVD EUVD EUVD-2025-7438 On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Ubuntu USN Ubuntu USN USN-7334-1 Firefox vulnerabilities
Ubuntu USN Ubuntu USN USN-7663-1 Thunderbird vulnerabilities
History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
Title firefox: JIT corruption of WASM i32 return values on 64-bit CPUs JIT corruption of WASM i32 return values on 64-bit CPUs

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Thu, 03 Apr 2025 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla thunderbird
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Vendors & Products Mozilla
Mozilla firefox
Mozilla thunderbird

Fri, 14 Mar 2025 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/a:redhat:rhel_aus:8.2
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els

Wed, 12 Mar 2025 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-252
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H'}

 cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H'}

Mon, 10 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.4
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus
Redhat rhel Tus

Fri, 07 Mar 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8

Thu, 06 Mar 2025 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Wed, 05 Mar 2025 03:00:00 +0000

Type Values Removed Values Added
Title firefox: JIT corruption of WASM i32 return values on 64-bit CPUs
Weaknesses CWE-843
References
Metrics threat_severity

None

 threat_severity

Important

Wed, 05 Mar 2025 00:00:00 +0000

Type Values Removed Values Added
Description On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8. On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
References

Tue, 04 Mar 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-252
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 04 Mar 2025 13:45:00 +0000

Type Values Removed Values Added
Description On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8.
References

Subscriptions

Mozilla Firefox Thunderbird
Redhat Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:27:38.226Z

Reserved: 2025-03-04T12:29:32.686Z

Link: CVE-2025-1933

cve-icon Vulnrichment

Updated: 2025-11-03T20:57:18.028Z

cve-icon NVD

Status : Modified

Published: 2025-03-04T14:15:38.170

Modified: 2026-04-13T15:16:52.223

Link: CVE-2025-1933

cve-icon Redhat

Severity : Important

Publid Date: 2025-03-04T13:31:23Z

Links: CVE-2025-1933 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T23:45:21Z

Weaknesses