494/68 Thursday, November 27, 2025
Security researchers from AISLE have disclosed a severe vulnerability, tracked as CVE-2025-13016, found in the WebAssembly (Wasm) component of the Firefox web browser. The flaw remained undetected for more than six months and stems from a single-line error in Firefox’s Garbage Collection (GC) code. The issue leads to a stack buffer overflow, allowing attackers to overwrite memory and potentially execute malicious code remotely. It is estimated that over 180 million users may have been affected.
The vulnerability originates from an incorrect calculation of memory pointers, causing the system to copy data beyond its intended buffer size and overwrite critical memory regions. This behavior poses a significant security risk because it can enable attackers to hijack a program’s execution flow. The issue was introduced into Firefox in April 2025, affecting Firefox versions 143 through 145 and Firefox ESR versions prior to 140.5.
AISLE discovered the flaw on October 2, 2025, and promptly reported it to Mozilla. Mozilla’s security team verified the issue and released a patch on November 11, 2025. The vulnerability affects all major platforms, including Windows, macOS, Linux, and Android. Users are strongly advised to update to Firefox 145 or Firefox ESR 140.5 or later to protect their systems from potential exploitation.
Source https://hackread.com/update-firefox-patch-cve-2025-13016-vulnerability/
