CVE-2025-1933

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-1933

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1933.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-1933

Downstream

DEBIAN-CVE-2025-1933

DLA-4078-1

DLA-4081-1

DSA-5874-1

DSA-5876-1

OESA-2025-1265

OESA-2025-1266

OESA-2025-1267

OESA-2025-1268

OESA-2025-1835

RHSA-2025:2359

RHSA-2025:2452

RHSA-2025:2479

RHSA-2025:2480

RHSA-2025:2481

RHSA-2025:2484

RHSA-2025:2485

RHSA-2025:2486

RHSA-2025:2699

RHSA-2025:2708

RLSA-2025:2452

SUSE-SU-2025:0783-1

SUSE-SU-2025:0788-1

SUSE-SU-2025:0849-1

UBUNTU-CVE-2025-1933

USN-7334-1

USN-7663-1

openSUSE-SU-2025:14852-1

openSUSE-SU-2025:14853-1

openSUSE-SU-2025:14861-1

Related

Published

2025-03-04T14:15:38Z

Modified

2025-08-09T19:01:27Z

Summary

[none]

Details

On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

References

Affected packages