Type Confusion Vulnerability in Firefox by Mozilla
CVE-2025-1933

8.1 HIGH

Key Information:

Vendor: Mozilla
CVE Published: 4 March 2025

Summary

This vulnerability arises on 64-bit CPUs when the JIT compiler processes WebAssembly (WASM) i32 return values. These values can pick up bits left over in memory from previously used data, so they may be misinterpreted as a different type. This could lead to unexpected behavior in applications relying on Firefox, potentially compromising the security of user data. The vulnerability affects several versions of Firefox and its Extended Support Releases (ESRs), so users need to update their browsers to the latest versions to mitigate the risk.

Affected Version(s)

Firefox < 136

Firefox ESR < 115.21

Firefox ESR < 128.8

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Xiangwei Zhang and kkdong of Tencent Security YUNDING LAB.