CVE-2025-1933
HIGHDescription
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
Is your site exposed to CVE-2025-1933?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Affected Products
| Vendor | Product |
|---|---|
| mozilla | firefox |
| mozilla | firefox |
| mozilla | firefox |
| mozilla | thunderbird |
| mozilla | thunderbird |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-1933? +
How severe is CVE-2025-1933? +
What products are affected by CVE-2025-1933? +
How do I check if I'm vulnerable to CVE-2025-1933? +
Related Vulnerabilities
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised …
ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is …
Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1.
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR …
Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146.
Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird …