CVE-2025-8027

JavaScript engine only wrote partial return value to stack

Description

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

INFO

Published Date :

2025-07-22T20:49:24.039Z

Last Modified :

2026-04-13T14:26:46.624Z

Source :

mozilla

AFFECTED PRODUCTS

The following products are affected by CVE-2025-8027 vulnerability.

Vendors	Products
Mozilla	Firefox Firefox Esr Thunderbird
Redhat	Enterprise Linux

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-8027.

URL	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1968423
https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2025-8027
https://www.cve.org/CVERecord?id=CVE-2025-8027
https://www.mozilla.org/security/advisories/mfsa2025-56/
https://www.mozilla.org/security/advisories/mfsa2025-57/
https://www.mozilla.org/security/advisories/mfsa2025-58/
https://www.mozilla.org/security/advisories/mfsa2025-58/#CVE-2025-8027
https://www.mozilla.org/security/advisories/mfsa2025-59/
https://www.mozilla.org/security/advisories/mfsa2025-61/
https://www.mozilla.org/security/advisories/mfsa2025-62/
https://www.mozilla.org/security/advisories/mfsa2025-62/#CVE-2025-8027
https://www.mozilla.org/security/advisories/mfsa2025-63/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact