Type Confusion Vulnerability in Firefox by Mozilla
CVE-2025-1933

7.6HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 4 March 2025

What is CVE-2025-1933?

This vulnerability arises on 64-bit CPUs where the JIT compiler processes WebAssembly (WASM) i32 return values. Due to inadvertent memory bits from previously used data being retrieved, these values may be misinterpreted as different types. This could lead to unexpected behaviors in applications relying on Firefox, potentially compromising the security of user data. The vulnerability affects several versions of Firefox and its Extended Support Releases (ESRs), emphasizing the necessity for users to update their browsers to the latest versions to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Firefox < 136

Firefox ESR < 115.21

Firefox ESR < 128.8

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1946004

https://www.mozilla.org/security/advisories/mfsa2025-14/

https://www.mozilla.org/security/advisories/mfsa2025-15/

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 4, 2025
Vulnerability Reserved
Mar 4, 2025

Credit

Xiangwei Zhang and kkdong of Tencent Security YUNDING LAB

JSON

Mozilla