CVE-2025-13024 – A critical JIT miscompilation vulnerability in ... (How to Fix)

Q: How do I fix CVE-2025-13024?

1. Open Firefox/Thunderbird. 2. Click menu → Help → About Firefox/Thunderbird. 3. Allow automatic update check and installation. 4. Restart browser/email client when prompted.

Q: What is the severity of CVE-2025-13024?

CVE-2025-13024 has a CVSS score of 9.8 (CRITICAL). A critical JIT miscompilation vulnerability in Firefox and Thunderbird's JavaScript engine allows arbitrary code execution when users visit malicious websites or open malicious emails. This affects all Firefox versions before 145 and Thunderbird versions before 145. Attackers can exploit this to take complete control of affected systems.

📋 TL;DR

A critical JIT miscompilation vulnerability in Firefox and Thunderbird's JavaScript engine allows arbitrary code execution when users visit malicious websites or open malicious emails. This affects all Firefox versions before 145 and Thunderbird versions before 145. Attackers can exploit this to take complete control of affected systems.

💻 Affected Systems

Products:

Mozilla Firefox
Mozilla Thunderbird

Versions: Firefox < 145, Thunderbird < 145

Operating Systems: Windows, Linux, macOS, All supported platforms

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable. JavaScript must be enabled (default).

📦 What is this software?

Firefox by Mozilla

View all CVEs affecting Firefox →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with remote code execution, allowing attackers to install malware, steal data, or pivot to other systems.

🟠

Likely Case

Drive-by compromise when users visit malicious websites or open malicious emails, leading to malware installation and data theft.

🟢

If Mitigated

Limited impact with proper network segmentation and application sandboxing, though code execution within browser context still possible.

🌐 Internet-Facing: HIGH - Exploitable via malicious websites or emails without user interaction beyond visiting/opening.

🏢 Internal Only: MEDIUM - Requires user to visit malicious internal sites or open malicious emails, but lateral movement possible after initial compromise.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires user to visit malicious website or open malicious email. No authentication required. Likely to be weaponized quickly given high CVSS score.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 145, Thunderbird 145

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-87/

Restart Required: Yes

Instructions:

1. Open Firefox/Thunderbird. 2. Click menu → Help → About Firefox/Thunderbird. 3. Allow automatic update check and installation. 4. Restart browser/email client when prompted.

🔧 Temporary Workarounds

Disable JavaScript

all

Temporarily disable JavaScript to prevent exploitation, but will break most website functionality.

Firefox: about:config → javascript.enabled = false
Thunderbird: about:config → javascript.enabled = false

Use Content Security Policy

all

Implement strict CSP headers to limit script execution sources.

Content-Security-Policy: script-src 'self'

🧯 If You Can't Patch

Isolate affected systems from internet and untrusted networks
Implement application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check Firefox/Thunderbird version in About dialog. If version is less than 145, system is vulnerable.

Check Version:

Firefox: about:support → Application Basics → Version. Thunderbird: about:support → Application Basics → Version.

Verify Fix Applied:

Confirm version is 145 or higher in About dialog after update.

📡 Detection & Monitoring

Log Indicators:

Unusual process creation from Firefox/Thunderbird
Crash reports from browser/email client
Suspicious JavaScript execution patterns

Network Indicators:

Connections to known malicious domains from browser process
Unusual outbound traffic patterns

SIEM Query:

process_name:"firefox.exe" OR process_name:"thunderbird.exe" AND (parent_process!="explorer.exe" OR command_line CONTAINS suspicious_pattern)

📊 Metadata

CVE ID: CVE-2025-13024

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-733

EPSS Score: 0.06% exploit probability (19.7th percentile)

Published: November 11, 2025

Last Updated: November 19, 2025

🔗 References

https://bugzilla.mozilla.org/show_bug.cgi?id=1992902 Permissions Required
https://www.mozilla.org/security/advisories/mfsa2025-87/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-90/

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-13024, you might also want to check these: