Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Information Disclosure
Mozilla
Firefox
NVD
CVSS 3.1
3.7
EPSS
0.4%
To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Buffer Overflow
Mozilla
Memory Corruption
Firefox
Thunderbird
NVD
CVSS 3.1
2.7
EPSS
0.7%