URGENT UPDATE: A critical security flaw in Firefox has left over 180 million users vulnerable to potential cyber attacks, as revealed by security researchers today. The vulnerability, identified as CVE-2025-13016, went undetected for six months, allowing attackers to exploit memory corruption through malformed WebAssembly payloads.
The flaw was uncovered by AISLE during an in-depth security analysis, leading to immediate action from Mozilla. “This finding highlights the importance of continuous, AI-driven security research to keep browsers safe for users worldwide,” stated Stanislav Fort, Founder and Chief Scientist at AISLE.
This memory flaw relates to improper pointer arithmetic in Firefox’s WebAssembly garbage-collection implementation, specifically in the StableWasmArrayObjectElements class. Incorrect copying of inline array data can cause significant memory overflows, opening the door for attackers to execute arbitrary code.
The vulnerability is triggered under specific conditions when Firefox switches to a garbage collection-enabled fallback path, primarily during the conversion of WebAssembly arrays into strings. This misstep means that attackers could craft malicious modules to manipulate the browser into triggering the flaw, effectively compromising user data.
Mozilla has acted swiftly, urging all users to upgrade to Firefox 145 or later (or ESR 140.5+) to mitigate risks. Organizations should enforce compliance standards and consider disabling WebAssembly temporarily in high-risk environments where immediate patching cannot occur.
Experts recommend monitoring browser logs for unusual activity and implementing network-level defenses to block malicious content. These actions are critical in limiting exposure and protecting against potential exploitation.
This incident serves as a stark reminder of the growing security risks associated with modern web technologies. As browsers increasingly integrate complex systems like WebAssembly, even minor coding errors can lead to severe security breaches, demonstrating the necessity for robust and proactive security measures.
As users and organizations across the globe react to this alarming development, the ongoing need for vigilant patch management and security assessments has never been clearer. Stay informed and ensure your systems are up to date to safeguard against these pressing threats.
