Skip to main content

CWE-1332

Improper Handling of Faults that Lead to Instruction Skips

3 CVEs Avg CVSS 7.5 MITRE
1
CRITICAL
0
HIGH
2
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2025-8028 CRITICAL PATCH Act Now

WebAssembly JIT compiler on ARM64 architectures incorrectly calculates branch addresses when processing WASM br_table instructions with numerous entries, enabling remote code execution in Firefox <141, Firefox ESR <115.26/128.13/140.1, and Thunderbird <141/128.13/140.1. The vulnerability requires no authentication or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), allowing network-based attackers to potentially execute arbitrary code through malicious WASM content. Vendor-released patches are available across all affected product lines. No public exploit identified at time of analysis, though the CVSS 9.8 critical rating reflects the theoretical severity of unauthenticated remote code execution.

Mozilla Information Disclosure Thunderbird Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-20060 MEDIUM This Month

In da, there is a possible escalation of privilege due to an incorrect status check. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-20059 MEDIUM This Month

In da, there is a possible escalation of privilege due to an incorrect status check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

WebAssembly JIT compiler on ARM64 architectures incorrectly calculates branch addresses when processing WASM br_table instructions with numerous entries, enabling remote code execution in Firefox <141, Firefox ESR <115.26/128.13/140.1, and Thunderbird <141/128.13/140.1. The vulnerability requires no authentication or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), allowing network-based attackers to potentially execute arbitrary code through malicious WASM content. Vendor-released patches are available across all affected product lines. No public exploit identified at time of analysis, though the CVSS 9.8 critical rating reflects the theoretical severity of unauthenticated remote code execution.

Mozilla Information Disclosure Thunderbird +2
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

In da, there is a possible escalation of privilege due to an incorrect status check. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In da, there is a possible escalation of privilege due to an incorrect status check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy