CVE-2025-8027 — Use of Uninitialized Variable in Mozilla Firefox

CWE-457 — Use of Uninitialized Variable14 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 70.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Mozilla Firefox

Timeline

PublishedJul 22

Latest updateFeb 2

Description

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDmozilla/firefox128.0 — 128.13.0+3

▶NVDmozilla/thunderbird140.0 — 140.1.0+2

▶Debianmozilla/thunderbird< 1:128.13.0esr-1~deb11u1+3

🔴Vulnerability Details

OSV

CVE-2025-8027: On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack↗2025-07-22

▶

CVEList

JavaScript engine only wrote partial return value to stack↗2025-07-22

▶

GHSA

GHSA-j3rx-39f7-r8hw: On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack↗2025-07-22

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2026-02-02

▶

Red Hat

firefox: thunderbird: JavaScript engine only wrote partial return value to stack↗2025-07-22

▶

Debian

CVE-2025-8027: firefox - On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value ...↗2025

▶

Mozilla

Mozilla Foundation Security Advisory 2025-56: CVE-2025-8027↗

▶

Mozilla

Mozilla Foundation Security Advisory 2025-62: CVE-2025-8027↗

▶