CVE-2025-1933

Published Mar 4, 2025

Last updated a day ago

CVSS high 7.6

Overview

Description
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Source
security@mozilla.org
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.6
Impact score
4.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Severity
HIGH

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. CVE-2025-1933 On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different t… https://t.co/E65OdZVY8n

    @CVEnew

    5 Mar 2025

    60 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. (CVE-2025-1933)[1946004]When the JIT compiles WASM i32 return values they can pick up bits from left over memory -&gt; Type Confusion(on 64-bit CPUs😅) https://t.co/csfBaNU8hv https://t.co/WLviANtd4K https://t.co/OdARxVnuTO https://t.co/cPy841UUnN

    @xvonfers

    4 Mar 2025

    1142 Impressions

    0 Retweets

    12 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

Configurations

References