← Back

CVE-2025-8027

nvd nist
Published: Jul 22, 2025Modified: Apr 13, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Affected (7)

Mozilla
2 products
Firefox
Thunderbird
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Mozilla
Firefox
Before 141.0
Firefox
Before 115.26.0
Firefox
From 128.0 to 128.13.0
Firefox
From 140.0 to 140.1.0
Mozilla
Thunderbird
Before 141.0
Thunderbird
Before 128.13.0
Thunderbird
From 140.0 to 140.1.0

Related CWEs

CWE-457
Use of Uninitialized Variable
The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

References (9)

Source: security@mozilla.org
Permissions Required
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.