CRITICAL🇵🇱 Wersja polska

CVE-2025-13024

CVSS 9.8v3.1pub. 2025-11-11upd. 2026-04-13

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

🤖 AI Analysis
How it works

The vulnerability stems from improper compilation of JavaScript code by the JIT (Just-In-Time) component of the JavaScript engine. The JIT compiler transforms JavaScript code into native processor instructions to accelerate execution — faulty compilation can lead to unpredictable memory behavior or unintended machine code execution. Classified as CWE-733 (Improper JIT Compilation), the vulnerability can be triggered by specially crafted JavaScript code delivered, for example, through a malicious website.

Impact

An attacker can compromise the confidentiality, integrity, and availability of the system, potentially gaining the ability to execute arbitrary code remotely (RCE) in the context of the victim's browser or email client.

Mitigation & patch

Mozilla Firefox should be updated to version 145 or later, and Mozilla Thunderbird should be updated to version 145 or later. The patch is available through official Mozilla distribution channels.

Who is affected

Mozilla Firefox versions prior to 145 and Mozilla Thunderbird versions prior to 145.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mozilla Firefox

    APP
    Mozilla
    < 145.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-9680CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Use-after-free w Animation timelines Firefox/Thunderbird — RCE

CVE-2022-26486CRITICAL9.6⚠ KEVten sam produkt

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...

CVE-2019-11708CRITICAL10.0⚠ KEVten sam produkt

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...

CVE-2010-3765CRITICAL9.8⚠ KEVten sam produkt

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...

CVE-2026-14241CRITICAL9.8ten sam produkt

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...