CVE-2025-13016

CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component

Published November 11, 2025
Last update April 13, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Key dates

Disclosure timeline

November 11, 2025 CVE published
April 13, 2026 Record updated