alpine · CVE-2025-1933

Quick triage

Priority: not assigned Published: Updated:

View at Official alpine advisory, NVD, CVE.org · CVE detail

Freshness: no update timestamp found; verify against the upstream OS advisory manually.

Tracker summary

CVE-2025-1933: 3 source package rows (firefox, firefox-esr, thunderbird); 342 state rows across 2 repos (3.22-community, edge-community); fixed 0, open 342.

Description:

On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

cvelogic Threat Intelligence