PT-2025-9658 · Mozilla+11 · Firefox+11

Kkdong

+1

·

Published

2025-03-04

·

Updated

2025-07-22

·

CVE-2025-1933

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 136 Firefox ESR versions prior to 115.21 Firefox ESR versions prior to 128.8
Description The issue arises when the JIT compiles WASM i32 return values on 64-bit CPUs, potentially picking up bits from leftover memory. This can cause the values to be treated as a different type.
Recommendations For Firefox versions prior to 136, update to version 136 or later. For Firefox ESR versions prior to 115.21, update to version 115.21 or later. For Firefox ESR versions prior to 128.8, update to version 128.8 or later.

Fix

Unchecked Return Value

Type Confusion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-252CWE-843

Related Identifiers

ALSA-2025:2359
ALSA-2025:2452
ALT-PU-2025-3905
ALT-PU-2025-4001
ALT-PU-2025-4567
ALT-PU-2025-5829
ALT-PU-2025-7695
ALT-PU-2025-7697
BDU:2025-02877
CESA-2025_2452
CVE-2025-1933
DLA-4078-1
DLA-4081-1
DSA-5874-1
DSA-5876-1
INFSA-2025_2359
INFSA-2025_2452
MGASA-2025-0092
MGASA-2025-0093
OESA-2025-1265
OESA-2025-1266
OESA-2025-1267
OESA-2025-1268
OESA-2025-1835
OPENSUSE-SU-2025:14852-1
OPENSUSE-SU-2025:14853-1
OPENSUSE-SU-2025:14861-1
OPENSUSE-SU-2025_0788-1
OPENSUSE-SU-2025_0849-1
RHSA-2025:2359
RHSA-2025:2452
RHSA-2025:2479
RHSA-2025:2480
RHSA-2025:2481
RHSA-2025:2484
RHSA-2025:2485
RHSA-2025:2486
RHSA-2025:2699
RHSA-2025:2708
RHSA-2025_2359
RHSA-2025_2452
SUSE-SU-2025:0783-1
SUSE-SU-2025:0788-1
SUSE-SU-2025:0849-1
SUSE-SU-2025_0783-1
USN-7334-1
USN-7663-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Firefox
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu