On 64-bit CPUs, the JIT compiler in Firefox's WebAssembly engine could produce i32 return values that include residual bits from leftover memory, leading to potential type confusion. This flaw could cause the returned values to be misinterpreted as a different type than intended. The vulnerability was reported by Tencent Security YUNDING LAB and fixed in Firefox 136 and corresponding ESR and Thunderbird versions. It has a CVSS 3.1 score of 7.6 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H), reflecting network attack vector, low attack complexity, no privileges required, user interaction needed, unchanged scope, and partial impacts on confidentiality, integrity, and high impact on availability.

The vulnerability allows an attacker to cause type confusion in WebAssembly i32 return values on 64-bit CPUs, potentially leading to incorrect program behavior or crashes. The CVSS score indicates partial confidentiality and integrity loss and high availability impact. Although no exploits are currently known in the wild, the issue could be leveraged in attacks requiring user interaction to compromise system stability or data integrity.

This vulnerability has been fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8. Users and administrators should update to these versions or later to remediate the issue. No additional mitigation actions are required beyond applying the official patches provided by Mozilla.