Mozilla Firefox and Thunderbird JIT Stack Data Exposure Vulnerability

Vulnerability

A vulnerability exists in Firefox versions prior to 137 and Thunderbird versions prior to 137, allowing an attacker to read 32 bits of data that has leaked onto the stack in a Just-In-Time (JIT) compiled function. This issue arises from a JIT optimization bug related to varying stack slot sizes.

Impact

Exploitation of this vulnerability could lead to unauthorized reading of stack data, potentially allowing for further exploitation or information leakage.

Remediation

Users can upgrade to Firefox 137 or Thunderbird 137 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.6
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.