CVE-2025-3031 - Vulnerability Details

- JIT optimization bug with different stack slot sizes

Description

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

Published: 2025-04-01

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An attacker can read 32‑bit values that are inadvertently written to the stack by a JIT‑compiled function. The read exposes data stored in those stack slots, potentially leaking sensitive runtime information. The vulnerability is categorized as CWE‑200 (Information Exposure) and CWE‑203 (Improper Assertion of Security-relevant Data).

Affected Systems

Mozilla Firefox and Mozilla Thunderbird versions before 137 are affected. The fix is included in Firefox 137 and Thunderbird 137, so any release prior to those versions is potentially vulnerable.

Risk and Exploitability

The CVSS score is 6.5, indicating moderate severity. EPSS is below 1 %, showing a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, suggesting no publicly known exploits. The attack requires execution of malicious code that triggers a JIT‑compiled function, such as a crafted webpage or email attachment executed in the target application.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Mozilla

Firefox

affected

Version	Status	Constraints
`137`	unaffected	≤ *

Mozilla

Thunderbird

affected

Version	Status	Constraints
`137`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Mozilla Firefox to version 137 or later and Mozilla Thunderbird to version 137 or later to apply the JIT optimization fix.
If an upgrade cannot be performed immediately, isolate the vulnerable applications by restricting them to run only trusted content or disabling script execution that would trigger JIT compilation.
Enable logging and monitoring for JIT‑compiled activity to detect anomalous stack‑reading patterns and investigate any suspicious behavior.

Generated by OpenCVE AI on April 21, 2026 at 21:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-9301	An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137.
Ubuntu USN	USN-7991-1	Thunderbird vulnerabilities

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00282.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1947141
https://nvd.nist.gov/vuln/detail/CVE-2025-3031
https://www.cve.org/CVERecord?id=CVE-2025-3031
https://www.mozilla.org/security/advisories/mfsa2025-20/
https://www.mozilla.org/security/advisories/mfsa2025-23/

History

Mon, 13 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description	An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137.	An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137.
Title	firefox: thunderbird: JIT optimization bug with different stack slot sizes	JIT optimization bug with different stack slot sizes

Mon, 07 Apr 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla Mozilla firefox Mozilla thunderbird
CPEs		cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:a:mozilla:thunderbird::::::::
Vendors & Products		Mozilla Mozilla firefox Mozilla thunderbird

Wed, 02 Apr 2025 02:15:00 +0000

Type	Values Removed	Values Added
Title		firefox: thunderbird: JIT optimization bug with different stack slot sizes
Weaknesses		CWE-203
References		https://nvd.nist.gov/vuln/detail/CVE-2025-3031 https://www.cve.org/CVERecord?id=CVE-2025-3031
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 01 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-200
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 01 Apr 2025 12:45:00 +0000

Type	Values Removed	Values Added
Description		An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137.
References		https://bugzilla.mozilla.org/show_bug.cgi?id=1947141 https://www.mozilla.org/security/advisories/mfsa2025-20/ https://www.mozilla.org/security/advisories/mfsa2025-23/

Subscriptions

Mozilla Firefox Thunderbird

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2025-04-01T12:29:02.220Z

Updated: 2026-04-13T14:29:28.718Z

Reserved: 2025-03-31T09:35:24.758Z

Link: CVE-2025-3031

Vulnrichment

Updated: 2025-04-01T18:38:13.497Z

NVD

Status : Modified

Published: 2025-04-01T13:15:41.493

Modified: 2026-04-13T15:16:56.830

Link: CVE-2025-3031

Redhat

Severity : Moderate

Publid Date: 2025-04-01T12:29:02Z

Links: CVE-2025-3031 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-21T21:45:25Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object