An integer overflow vulnerability was identified in the OrderedHashTable used by the JavaScript engine in Mozilla Firefox. This vulnerability could allow an attacker to cause memory corruption or other severe impacts due to improper handling of integer values. Mozilla addressed this issue in Firefox 139.0.4 as part of security advisory MFSA 2025-47. The CVSS v3.1 base score is 9.8, reflecting a critical severity with network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.

Successful exploitation of this integer overflow could lead to memory corruption, potentially allowing an attacker to execute arbitrary code, crash the browser, or otherwise compromise the confidentiality, integrity, and availability of the affected system. The CVSS score of 9.8 indicates a critical impact level. However, no known exploits are reported in the wild at this time.

Mozilla has released an official fix for this vulnerability in Firefox version 139.0.4. Users and administrators should update to this version or later to remediate the issue. Since this is a client-side application vulnerability, applying the official update is the primary and recommended mitigation. No additional vendor advisories indicate alternative mitigations or that no action is required.