Primary

Context

Mozilla Firefox and Thunderbird Partial Return Value Stack Vulnerability

Vulnerability

Patched

A vulnerability exists in the JavaScript engine of Mozilla Firefox and Thunderbird on 64-bit platforms. The IonMonkey Just-In-Time (JIT) compiler only wrote 32 bits of the 64-bit return value space to the stack, while the Baseline JIT read the entire 64 bits. This issue affects multiple versions of Firefox and Thunderbird.

Impact

Exploitation of this vulnerability could lead to incorrect handling of return values in JavaScript, potentially allowing for memory corruption or arbitrary code execution.

Remediation

Users can upgrade to Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141 or Thunderbird ESR 128.13 to address this vulnerability.

Added: Jul 22, 2025, 9:55 PM

Updated: Jul 22, 2025, 9:55 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mozilla Firefox and Thunderbird Partial Return Value Stack Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Mozilla Firefox

Mozilla Firefox ESR

Mozilla Thunderbird

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating