Use of Uninitialized Variable

CVE-2025-8027

Medium

6.5/10

Summary

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-457 - Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

References

Advisory Timeline

Published Jul 22, 2025

Use of Uninitialized Variable

CVE-2025-8027

Summary

CWE-457 - Use of Uninitialized Variable

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS