Mozilla Firefox and Thunderbird JIT Vulnerability in WebAssembly Return Value Handling on 64-bit CPUs

Vulnerability

A vulnerability exists in Mozilla Firefox versions prior to 136, Firefox ESR versions prior to 115.21 and 128.8, and Thunderbird versions prior to 136 and 128.8. On 64-bit processors, the Just-In-Time (JIT) compiler can improperly handle WebAssembly (WASM) integer return values by incorporating residual bits from memory. This mismanagement may lead to the values being misinterpreted as different data types.

Impact

Exploitation of this vulnerability can cause memory corruption, allowing for arbitrary code execution.

Remediation

Users can upgrade to Firefox 136, Firefox ESR 115.21 or 128.8, or Thunderbird 136 or 128.8 to address this vulnerability.
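
A version check against the fixed releases listed above, as an added example that is not part of the original advisory. The inventory rows and function names are constructed for illustration, and the code assumes Firefox ESR builds report a version string ending in "esr".

```python
import re

# Fixed versions taken from the advisory text, as (major, minor) per release branch.
FIXED = {
    ("firefox", False): [(136, 0)],             # rapid release
    ("firefox", True): [(115, 21), (128, 8)],   # ESR branches
    ("thunderbird", False): [(128, 8), (136, 0)],
}

def parse(version):
    """Return ((major, minor), is_esr) for strings like '128.7.0esr' or '135.0.1'."""
    text = version.strip().lower()
    m = re.match(r"^(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    # Pre-release builds (e.g. betas) are not distinguished from final releases.
    return (int(m.group(1)), int(m.group(2))), text.endswith("esr")

def is_vulnerable(product, version):
    """True if the installed version predates the fix on its branch."""
    ver, esr = parse(version)
    product = product.lower()
    # The advisory lists Thunderbird fixes together, so the suffix only matters for Firefox.
    fixes = FIXED[(product, esr and product == "firefox")]
    for fix in fixes:
        if fix[0] == ver[0]:        # same branch: compare against that branch's fix
            return ver < fix
    return ver < max(fixes)         # no matching branch: safe only if newer than every fix

# Constructed sample inventory (host, product, version); not real data.
INVENTORY = [
    ("ws-01", "firefox", "135.0.1"),
    ("ws-02", "firefox", "136.0"),
    ("ws-03", "firefox", "128.7.0esr"),
    ("ws-04", "firefox", "115.21.0esr"),
    ("ws-05", "thunderbird", "128.8.0esr"),
    ("ws-06", "thunderbird", "135.0"),
]

def audit(inventory):
    """Return the inventory rows that still need the upgrade."""
    return [(h, p, v) for h, p, v in inventory if is_vulnerable(p, v)]

if __name__ == "__main__":
    for host, product, version in audit(INVENTORY):
        print(f"{host}: {product} {version} needs upgrade")
```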

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 0.6
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.