Description
An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0.4.
Published: 2025-06-11
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An integer overflow was identified in the OrderedHashTable data structure used by Mozilla Firefox’s JavaScript engine. The flaw can corrupt internal hash tables, and while the CVE description does not state the exact consequence, it is inferred that such corruption could allow an attacker to achieve memory corruption and potentially arbitrary code execution if exploited.

Affected Systems

All Mozilla Firefox releases prior to version 139.0.4 are affected. The vulnerability was fixed in Firefox 139.0.4, so users of earlier builds remain at risk.

Risk and Exploitability

The CVSS score of 9.8 reflects a critical severity, but the EPSS score of less than 1% indicates that the likelihood of exploitation is currently low. The issue is not listed in the CISA KEV catalog. Based on typical attack patterns for JavaScript engine vulnerabilities, the likely vector is malicious web content that triggers the faulty JavaScript code, although this inference is not explicitly confirmed in the CVE data.

Generated by OpenCVE AI on April 20, 2026 at 18:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Firefox to version 139.0.4 or newer to apply the fix for the integer overflow in OrderedHashTable.
  • Configure the browser to download and install updates automatically to ensure future patches are applied without manual intervention.
  • As a temporary measure, restrict or disable JavaScript execution for untrusted sites or implement a content security policy that limits the execution of potentially malicious scripts.

Generated by OpenCVE AI on April 20, 2026 at 18:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-18100 An integer overflow was present in `OrderedHashTable` used by the JavaScript engine This vulnerability affects Firefox < 139.0.4.
History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description An integer overflow was present in `OrderedHashTable` used by the JavaScript engine This vulnerability affects Firefox < 139.0.4. An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0.4.
Title Integer overflow in OrderedHashTable

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00059}

 epss

{'score': 0.00065}

Mon, 16 Jun 2025 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Vendors & Products Mozilla
Mozilla firefox

Wed, 11 Jun 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 11 Jun 2025 12:15:00 +0000

Type Values Removed Values Added
Description An integer overflow was present in `OrderedHashTable` used by the JavaScript engine This vulnerability affects Firefox < 139.0.4.
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:31:46.562Z

Reserved: 2025-06-09T20:17:23.292Z

Link: CVE-2025-49710

cve-icon Vulnrichment

Updated: 2025-06-11T13:23:55.319Z

cve-icon NVD

Status : Modified

Published: 2025-06-11T12:15:27.083

Modified: 2026-04-13T15:16:59.113

Link: CVE-2025-49710

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T18:15:13Z

Weaknesses