A subtle coding error in the WebAssembly implementation that sat undetected for six months could have let bad actors to run arbitrary code.

Security Boulevard is a leading cybersecurity news and information portal, offering articles, analysis, and insights on cybersecurity threats, vulnerabilities, and best practices. From the latest trends in cyber threats to expert commentary on security technologies and compliance frameworks, Security Boulevard provides resources for security professionals, IT leaders, and business executives seeking to protect their organizations from cyber attacks and data breaches.

Security Boulevard

A stack buffer overflow vulnerability in Firefox's WebAssembly implementation went undetected for six months, affecting over 180 million users across versions 143-145. The flaw, caused by a pointer arithmetic error in garbage collection logic, passed code review and regression testing before being discovered by Aisle's AI-driven analyzer. Mozilla patched the high-severity issue (CVE-2025-13016, CVSS 7.5) within two weeks of disclosure. The vulnerability could have allowed arbitrary code execution when WebAssembly arrays triggered specific memory pressure conditions during garbage collection.

Undetected Firefox WebAssembly Flaw Put 180 Million Users at Risk