CVE-2025-1933

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-1933

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1933.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-1933

Downstream

DEBIAN-CVE-2025-1933

DLA-4078-1

DLA-4081-1

DSA-5874-1

DSA-5876-1

OESA-2025-1265

OESA-2025-1266

OESA-2025-1267

OESA-2025-1268

OESA-2025-1835

RHSA-2025:2359

RHSA-2025:2452

RHSA-2025:2479

RHSA-2025:2480

RHSA-2025:2481

RHSA-2025:2484

RHSA-2025:2485

RHSA-2025:2486

RHSA-2025:2699

RHSA-2025:2708

RLSA-2025:2452

SUSE-SU-2025:0783-1

SUSE-SU-2025:0788-1

SUSE-SU-2025:0849-1

UBUNTU-CVE-2025-1933

USN-7334-1

USN-7663-1

openSUSE-SU-2025:14852-1

openSUSE-SU-2025:14853-1

openSUSE-SU-2025:14861-1

Related

Withdrawn

2026-01-27T04:19:55.789510Z

Published

2025-03-04T14:15:38Z

Modified

2026-01-27T04:19:55.789510Z

Summary

[none]

Details

On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

References

Affected packages