What is the severity of CVE-2025-1933?

CVE-2025-1933 has been rated as important due to the potential for uninitialized memory usage leading to various vulnerabilities.

How do I fix CVE-2025-1933?

To remediate CVE-2025-1933, update your Mozilla Firefox to version 136 or later, or Firefox ESR to the appropriate patched versions.

What software is affected by CVE-2025-1933?

CVE-2025-1933 affects Mozilla Firefox versions up to 136, Firefox ESR versions up to 115.21 and 128.8, as well as Thunderbird versions up to 136 and 128.8.

What exploit scenarios exist for CVE-2025-1933?

CVE-2025-1933 could potentially allow attackers to manipulate i32 return values in WebAssembly, which may lead to unexpected behaviors or application crashes.

When was CVE-2025-1933 disclosed?

CVE-2025-1933 was disclosed as part of Mozilla's ongoing security advisories related to its web browser and related software products.

Vulnerability/
CVE-2025-1933

high

7.6

CWE

252

4/3/2025

6/4/2025

CVE-2025-1933

First published: Tue Mar 04 2025(Updated: )

Last updated 6 March 2025

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
Firefox	<136
Firefox ESR	<115.21<128.8
Firefox ESR	<115.21	115.21
debian/firefox		136.0-1
debian/firefox-esr	<=115.14.0esr-1~deb11u1<=128.5.0esr-1~deb12u1	128.8.0esr-1~deb11u1 128.8.0esr-1~deb12u1 128.8.0esr-1
debian/thunderbird	<=1:115.12.0-1~deb11u1<=1:128.5.0esr-1~deb12u1<=1:128.7.0esr-1	1:128.8.0esr-1~deb11u1 1:128.8.0esr-1~deb12u1 1:128.8.0esr-1
Firefox ESR	<128.8	128.8
Firefox	<136	136
Thunderbird	<136	136
Thunderbird	<128.8	128.8
Firefox	<115.21.0
Firefox	<136.0
Firefox	>=116.0<128.8.0
Thunderbird	<128.8
Thunderbird	>=129.0<136.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2025-1933?
CVE-2025-1933 has been rated as important due to the potential for uninitialized memory usage leading to various vulnerabilities.
How do I fix CVE-2025-1933?
To remediate CVE-2025-1933, update your Mozilla Firefox to version 136 or later, or Firefox ESR to the appropriate patched versions.
What software is affected by CVE-2025-1933?
CVE-2025-1933 affects Mozilla Firefox versions up to 136, Firefox ESR versions up to 115.21 and 128.8, as well as Thunderbird versions up to 136 and 128.8.
What exploit scenarios exist for CVE-2025-1933?
CVE-2025-1933 could potentially allow attackers to manipulate i32 return values in WebAssembly, which may lead to unexpected behaviors or application crashes.
When was CVE-2025-1933 disclosed?
CVE-2025-1933 was disclosed as part of Mozilla's ongoing security advisories related to its web browser and related software products.

agent/type
agent/author
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/mozilla-advisory
source/Mozilla
agent/weakness
collector/usn-cve
source/Ubuntu
agent/source
agent/description
agent/trending
collector/security-tracker-debian
source/Debian
collector/nvd-cve
source/NVD
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2025-1933
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/tags
collector/nvd-api
agent/last-modified-date
agent/softwarecombine
agent/event
vendor/mozilla
canonical/firefox
canonical/firefox esr
package-manager/debian
canonical/thunderbird
version/firefox/116.0
version/thunderbird/129.0