CVE-2025-13024
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-11
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Description
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | From 60.9.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-733 | The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Just-In-Time (JIT) miscompilation issue in the JavaScript Engine's JIT component affecting Firefox versions earlier than 145. It means that the JIT compiler may incorrectly compile JavaScript code, potentially leading to unexpected behavior or security issues.
How can this vulnerability impact me? :
The impact of this vulnerability could include incorrect execution of JavaScript code, which might be exploited to cause crashes, execute arbitrary code, or bypass security mechanisms in affected Firefox versions prior to 145.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70