CVE-2025-1933
Published: 04 March 2025
Summary
CVE-2025-1933 is a high-severity an unspecified weakness vulnerability in Mozilla Firefox. Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked in the top 34.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely remediation through patching Firefox and Thunderbird to fixed versions directly prevents exploitation of the WASM JIT type confusion vulnerability in CVE-2025-1933.
Vulnerability scanning identifies systems running vulnerable versions of Firefox and Thunderbird affected by CVE-2025-1933.
Monitoring security advisories such as Mozilla's MFSA 2025-14 provides awareness of CVE-2025-1933 to enable patching and scanning.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Browser-based type confusion in WASM JIT enables remote exploitation via user visiting malicious site (drive-by compromise) to achieve client execution, potentially leading to DoS or tampering.
NVD Description
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability was fixed in Firefox 136, Firefox…
more
ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
Deeper analysisAI
CVE-2025-1933 is a type confusion vulnerability in the WebAssembly (WASM) Just-In-Time (JIT) compiler on 64-bit CPUs. When compiling i32 return values, the JIT can inadvertently incorporate bits from leftover memory, potentially causing the values to be treated as a different type. This affects Mozilla Firefox versions prior to 136, Firefox ESR prior to 115.21 and 128.8, Thunderbird prior to 136 and 128.8.
Remote attackers can exploit this vulnerability over the network with low complexity and no privileges required, but it necessitates user interaction, such as visiting a malicious site hosting crafted WASM code. Successful exploitation yields low confidentiality and integrity impacts alongside high availability impact, as scored at CVSS 7.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H), potentially enabling denial-of-service or limited data tampering.
Mozilla's security advisories (MFSA 2025-14 through 17) and the associated Bugzilla entry detail the fix, recommending immediate upgrades to Firefox 136, Firefox ESR 115.21 or 128.8, Thunderbird 136, or Thunderbird 128.8 to mitigate the issue. No additional workarounds are specified in the available information.
Details
- CWE(s)