CVE-2025-8027: Vulnerability in Mozilla Firefox
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
AI Analysis
Technical Summary
On 64-bit platforms, the IonMonkey JIT compiler in Mozilla Firefox wrote only 32 bits of the 64-bit return value space on the stack, whereas the Baseline JIT compiler read the entire 64 bits. This discrepancy could lead to incorrect behavior or potential security issues. The vulnerability is tracked as CVE-2025-8027 and was reported by Nan Wang. It was addressed and fixed in Firefox 141 and corresponding ESR and Thunderbird versions. The issue is related to improper handling of return values in the JavaScript engine's JIT compilation process.
Potential Impact
The vulnerability could cause incorrect handling of 64-bit return values in the JavaScript engine, potentially leading to security issues such as information disclosure or memory corruption. The CVSS score of 6.5 indicates a medium severity with high confidentiality impact but no integrity or availability impact. There are no known exploits in the wild at this time.
Mitigation Recommendations
Mozilla has released official fixes for this vulnerability in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1. Users and administrators should update to these versions or later to remediate the issue. Since this is not a cloud service, patching the client software is required. Patch status is confirmed by Mozilla advisories MFSA 2025-56 and MFSA 2025-57.
CVE-2025-8027: Vulnerability in Mozilla Firefox
Description
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
On 64-bit platforms, the IonMonkey JIT compiler in Mozilla Firefox wrote only 32 bits of the 64-bit return value space on the stack, whereas the Baseline JIT compiler read the entire 64 bits. This discrepancy could lead to incorrect behavior or potential security issues. The vulnerability is tracked as CVE-2025-8027 and was reported by Nan Wang. It was addressed and fixed in Firefox 141 and corresponding ESR and Thunderbird versions. The issue is related to improper handling of return values in the JavaScript engine's JIT compilation process.
Potential Impact
The vulnerability could cause incorrect handling of 64-bit return values in the JavaScript engine, potentially leading to security issues such as information disclosure or memory corruption. The CVSS score of 6.5 indicates a medium severity with high confidentiality impact but no integrity or availability impact. There are no known exploits in the wild at this time.
Mitigation Recommendations
Mozilla has released official fixes for this vulnerability in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1. Users and administrators should update to these versions or later to remediate the issue. Since this is not a cloud service, patching the client software is required. Patch status is confirmed by Mozilla advisories MFSA 2025-56 and MFSA 2025-57.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-07-22T10:13:47.266Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 687ffd50a915ff00f7fb5952
Added to database: 7/22/2025, 9:06:24 PM
Last enriched: 4/14/2026, 11:52:48 AM
Last updated: 5/8/2026, 4:12:50 PM
Views: 88
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.