{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-49710", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-06-09T20:17:23.292Z", "datePublished": "2025-06-11T12:07:50.206Z", "dateUpdated": "2026-04-13T14:31:46.562Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "139.0.4", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0.4.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An integer overflow was present in <code>OrderedHashTable</code> used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0.4."}]}], "title": "Integer overflow in OrderedHashTable", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970095"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-47/"}], "credits": [{"lang": "en", "value": "Shaheen Fazim"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:31:46.562Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-190", "lang": "en", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-06-11T13:22:59.233575Z", "id": "CVE-2025-49710", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:24:02.344Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-49710", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-11T13:22:59.233575Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:23:55.319Z"}}], "cna": {"title": "Integer overflow in OrderedHashTable", "credits": [{"lang": "en", "value": "Shaheen Fazim"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "139.0.4", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970095"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-47/"}], "descriptions": [{"lang": "en", "value": "An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0.4.", "supportingMedia": [{"type": "text/html", "value": "An integer overflow was present in <code>OrderedHashTable</code> used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0.4.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:31:46.562Z"}}}, "cveMetadata": {"cveId": "CVE-2025-49710", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:31:46.562Z", "dateReserved": "2025-06-09T20:17:23.292Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-06-11T12:07:50.206Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D86253F-369A-487F-83BC-5DC1113FA59D", "versionEndExcluding": "139.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0.4."}, {"lang": "es", "value": "Se produjo un desbordamiento de entero en `OrderedHashTable` utilizado por el motor JavaScript. Esta vulnerabilidad afecta a Firefox &lt; 139.0.4."}], "id": "CVE-2025-49710", "lastModified": "2026-04-13T15:16:59.113", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-06-11T12:15:27.083", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970095"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-47/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T18:12:01.057177+00:00", "value": {"mitigation_remediation": ["Upgrade Firefox to version\u202f139.0.4 or newer to apply the fix for the integer overflow in OrderedHashTable.", "Configure the browser to download and install updates automatically to ensure future patches are applied without manual intervention.", "As a temporary measure, restrict or disable JavaScript execution for untrusted sites or implement a content security policy that limits the execution of potentially malicious scripts."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All Mozilla\u202fFirefox releases prior to version\u202f139.0.4 are affected. The vulnerability was fixed in Firefox\u202f139.0.4, so users of earlier builds remain at risk.", "description_and_impact": "An integer overflow was identified in the OrderedHashTable data structure used by Mozilla\u202fFirefox\u2019s JavaScript engine. The flaw can corrupt internal hash tables, and while the CVE description does not state the exact consequence, it is inferred that such corruption could allow an attacker to achieve memory corruption and potentially arbitrary code execution if exploited.", "risk_and_exploitability": "The CVSS score of 9.8 reflects a critical severity, but the EPSS score of less than 1% indicates that the likelihood of exploitation is currently low. The issue is not listed in the CISA KEV catalog. Based on typical attack patterns for JavaScript engine vulnerabilities, the likely vector is malicious web content that triggers the faulty JavaScript code, although this inference is not explicitly confirmed in the CVE data."}}}}, "created": "2025-06-24T09:44:13.971745+00:00", "updated": "2026-04-20T18:15:13.620022+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox"]}