Mozilla Firefox and Thunderbird Branch Table Truncation Vulnerability on Arm64

Vulnerability

A vulnerability exists in Mozilla Firefox and Thunderbird on arm64 architectures, where a WebAssembly 'br_table' instruction with numerous entries can cause the label to be too distant from the instruction. This distance can lead to truncation and incorrect calculation of the branch address. The issue is present in Firefox versions prior to 141, Firefox ESR versions prior to 115.26, 128.13, and 140.1, as well as in Thunderbird versions prior to 141, 128.13, and 140.1.

Impact

Exploitation of this vulnerability can result in incorrect branch address calculations, potentially leading to unintended control flow in the application.

Remediation

Users can upgrade to Firefox 141 or Thunderbird 141. Firefox ESR users should upgrade to version 115.26, 128.13, or 140.1.
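
The fixed versions above can be turned into a fleet check. The following is an added example, not code from Mozilla or from this page. The product labels ("firefox", "firefox-esr", "thunderbird"), the architecture spellings and the inventory rows are constructed assumptions, and each install is compared against the fix for its own release branch.

```python
import re

# First fixed release per branch, taken from the advisory text above.
FIXED = {
    "firefox": [(141, 0)],
    "firefox-esr": [(115, 26), (128, 13), (140, 1)],
    "thunderbird": [(128, 13), (140, 1), (141, 0)],
}
ARM64_NAMES = {"arm64", "aarch64"}  # assumed spellings reported by OS tooling


def parse_version(text):
    """Return (major, minor) from strings such as '128.12.0esr' or '141.0'."""
    match = re.match(r"(\d+)(?:\.(\d+))?", text.strip())
    if not match:
        raise ValueError(f"unrecognised version: {text!r}")
    return int(match.group(1)), int(match.group(2) or 0)


def is_affected(product, version, arch):
    """True if this install falls in the advisory's affected range."""
    if arch.lower() not in ARM64_NAMES:
        return False  # the advisory scopes the bug to arm64
    fixed = sorted(FIXED[product.lower()])
    major, minor = parse_version(version)
    for fixed_major, fixed_minor in fixed:
        if major == fixed_major:
            return minor < fixed_minor  # compare within the same branch
    # Assumption: a major version with no listed fix counts as affected
    # when it predates the newest fixed branch.
    return major < fixed[-1][0]


# Constructed inventory rows: (host, product, version, architecture).
INVENTORY = [
    ("mac-01", "firefox", "140.0.4", "arm64"),
    ("mac-02", "firefox", "141.0", "arm64"),
    ("pi-01", "firefox-esr", "128.12.0esr", "aarch64"),
    ("pi-02", "firefox-esr", "140.0.0esr", "aarch64"),
    ("pi-03", "firefox-esr", "128.13.0esr", "aarch64"),
    ("pc-01", "firefox", "139.0", "x86_64"),
    ("mac-03", "thunderbird", "140.1.0", "arm64"),
]


def triage(rows):
    """Return the hosts that still need the update."""
    return [host for host, product, ver, arch in rows if is_affected(product, ver, arch)]
```

Comparing within the branch matters for ESR: 140.0 is numerically above 128.13 yet still predates its own fix, 140.1.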

Added: Jul 22, 2025, 9:53 PM
Updated: Jul 22, 2025, 9:53 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.