CVE-2025-1933
Description
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
On 64-bit CPUs, Firefox's JIT compiler could leave residual high bits in WASM i32 return values, potentially changing their type and leading to memory corruption or crashes.
Vulnerability
Details
CVE-2025-1933 is a high-severity issue in Firefox's just-in-time (JIT) compiler when handling WebAssembly (WASM) i32 return values on 64-bit CPUs. Due to an optimization flaw, the JIT may fail to clear upper bits of the CPU registers holding the return value, allowing stale memory bits to persist. This can cause the returned 32-bit integer to be interpreted as a different type, leading to type confusion or memory corruption [1][2].
Exploitation
Prerequisites
No authentication is required to trigger the vulnerability; a remote attacker would need to convince a user to visit a malicious page containing crafted WASM code. The bug is triggered during JIT compilation of WASM functions that return i32 values. Exploitation does not require user interaction beyond normal browsing and is reproducible with a proof-of-concept script [1].
Impact
An attacker can leverage this type confusion to read or write memory in the browser process, potentially leading to arbitrary code execution or a crash. The vulnerability is rated high (CVSS 7.6) and could be used in a chain with other bugs to achieve sandbox escape [1][2].
Mitigation
Mozilla has fixed this issue in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8. Users should update to the latest versions. No workarounds are available [2][3][4].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
30cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <136.0
- cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*range: <115.21.0
- (no CPE)range: <=136
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <128.8
- (no CPE)range: <=136 and <=128.8
- Range: <=115.21 and <=128.8
- osv-coords24 versionspkg:rpm/almalinux/firefoxpkg:rpm/almalinux/firefox-x11pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweedpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6
< 128.8.0-1.el9_5+ 23 more
- (no CPE)range: < 128.8.0-1.el9_5
- (no CPE)range: < 128.8.0-1.el9_5
- (no CPE)range: < 128.8.0-1.1
- (no CPE)range: < 128.8.0-150200.152.173.1
- (no CPE)range: < 136.0-1.1
- (no CPE)range: < 128.8.0-150200.8.203.1
- (no CPE)range: < 128.8.0-1.1
- (no CPE)range: < 128.8.0-150200.152.173.1
- (no CPE)range: < 128.8.0-150200.152.173.1
- (no CPE)range: < 128.8.0-150200.152.173.1
- (no CPE)range: < 128.8.0-150200.152.173.1
- (no CPE)range: < 128.8.0-150200.152.173.1
- (no CPE)range: < 128.8.0-150200.152.173.1
- (no CPE)range: < 128.8.0-150200.152.173.1
- (no CPE)range: < 128.8.0-112.249.3
- (no CPE)range: < 128.8.0-150200.152.173.1
- (no CPE)range: < 128.8.0-150200.152.173.1
- (no CPE)range: < 128.8.0-150200.152.173.1
- (no CPE)range: < 128.8.0-150200.152.173.1
- (no CPE)range: < 128.8.0-150200.152.173.1
- (no CPE)range: < 128.8.0-150200.152.173.1
- (no CPE)range: < 128.8.0-112.249.3
- (no CPE)range: < 128.8.0-150200.8.203.1
- (no CPE)range: < 128.8.0-150200.8.203.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- www.mozilla.org/security/advisories/mfsa2025-14/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2025-15/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2025-16/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2025-17/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2025-18/nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
- lists.debian.org/debian-lts-announce/2025/03/msg00006.htmlnvd
News mentions
0No linked articles in our index yet.