CVE-2025-49710
NixOS 취약성 분석 및 완화

개요

CVE-2025-49710 is an integer overflow vulnerability in the OrderedHashTable component of Mozilla Firefox's JavaScript engine. Discovered and reported by external researcher Shaheen Fazim, it was publicly disclosed on June 10, 2025, alongside the release of Firefox 139.0.4. The vulnerability affects all Firefox versions prior to 139.0.4; Firefox ESR 115 and ESR 128 are unaffected. It carries a CVSS v3.1 base score of 9.8 (Critical) (Mozilla Advisory, Feedly).

기술적 세부 사항

The root cause is an integer overflow (CWE-190) in OrderedHashTableImpl::rehash(), triggered when the JavaScript engine's Map or Set objects grow to an extremely large number of entries. The code used a size_t value for the desired allocation size but passed it to AllocNurseryOrMallocBuffer, which accepts only a uint32_t argument — causing a truncation/overflow when the entry count exceeds approximately 170 million, far beyond what Chrome (16 million) or JavaScriptCore (25 million) allow. This results in an undersized buffer allocation followed by an out-of-bounds memcpy write (SEGV WRITE in __memcpy_avx_unaligned_erms), as confirmed by AddressSanitizer output in the bug report. The fix restricts the maximum number of Map/Set entries to prevent the overflow condition (Mozilla Bugzilla, Mozilla Advisory).

영향

Successful exploitation could lead to memory corruption, enabling an attacker to potentially execute arbitrary code in the context of the browser process, compromise browser integrity, or cause application crashes. Because the vulnerability resides in the JavaScript engine, it could be triggered by a malicious web page visited by a user, affecting confidentiality, integrity, and availability of the browser and potentially the underlying system. The vulnerability is rated high impact by Mozilla and carries a critical CVSS score reflecting the potential for unauthenticated remote code execution (Mozilla Advisory, Feedly).

착취 단계

  1. Craft a malicious web page: Create an HTML page containing JavaScript that instantiates a Map or Set object and populates it with an extremely large number of entries (approaching or exceeding ~170 million) to trigger the integer overflow in OrderedHashTableImpl::rehash().
  2. Trigger the overflow: As the Map/Set grows, the engine calls rehash(), which computes a size_t allocation size that overflows when cast to uint32_t, resulting in an undersized buffer being allocated.
  3. Cause out-of-bounds write: The subsequent memcpy into the undersized buffer writes beyond its bounds, corrupting adjacent heap memory.
  4. Achieve code execution (theoretical): With sufficient heap shaping and memory manipulation techniques, an attacker could potentially redirect execution flow to attacker-controlled code, though reliable exploitation would require additional effort beyond the basic crash (Mozilla Bugzilla).

타협의 징후

  • Process: Firefox process crashing or becoming unresponsive after visiting a web page; abnormal memory consumption by the Firefox process reaching multi-gigabyte levels.
  • Logs: Browser crash reports referencing OrderedHashTableImpl::rehash or __memcpy_avx_unaligned_erms in stack traces; AddressSanitizer output with SEGV WRITE signals (in debug builds).
  • Network: Unexpected outbound connections from the Firefox process following a page visit to an unknown or suspicious domain, which could indicate post-exploitation activity.

완화 및 해결 방법

Mozilla has released Firefox 139.0.4, which resolves this vulnerability by restricting the maximum number of entries allowed in Map and Set objects, preventing the integer overflow condition. Firefox ESR 115 and ESR 128 are unaffected and do not require updates for this specific issue. Users should update Firefox to version 139.0.4 or later immediately, and enabling automatic browser updates is strongly recommended to ensure timely patching of future issues (Mozilla Advisory, Mozilla Bugzilla).

커뮤니티 반응

The CIS issued an advisory noting that multiple vulnerabilities in Firefox 139.0.4, including CVE-2025-49710, could allow for arbitrary code execution (CIS Advisory). SecurityWeek covered the release alongside Chrome updates, framing both as high-severity memory bug fixes. Security news outlets including CyberSecurityNews and SecurityOnline.info highlighted the critical CVSS score and potential for remote code execution. Community reaction was generally focused on the urgency of updating, with the vulnerability receiving a security bounty from Mozilla (Mozilla Bugzilla).

추가 자료


근원이 보고서는 AI를 사용하여 생성되었습니다.

관련 NixOS 취약점:

CVE ID

심각도

점수

기술

구성 요소 이름

CISA KEV 익스플로잇

수정 사항이 있습니다.

게시된 날짜

CVE-2026-59257MEDIUM5.3
  • NixOS logoNixOS
  • n8n
아니요Jul 08, 2026
CVE-2026-59253MEDIUM5.3
  • NixOS logoNixOS
  • n8n
아니요Jul 08, 2026
CVE-2026-56778MEDIUM5.3
  • NixOS logoNixOS
  • n8n
아니요Jul 08, 2026
CVE-2026-56776MEDIUM5.3
  • NixOS logoNixOS
  • n8n
아니요Jul 08, 2026
CVE-2026-56775MEDIUM5.3
  • NixOS logoNixOS
  • n8n
아니요Jul 08, 2026

무료 취약성 평가

클라우드 보안 태세를 벤치마킹합니다

9개의 보안 도메인에서 클라우드 보안 관행을 평가하여 위험 수준을 벤치마킹하고 방어의 허점을 식별합니다.

평가 요청

추가 Wiz 리소스

맞춤형 데모 받기

맞춤형 데모 신청하기

"내가 본 최고의 사용자 경험은 클라우드 워크로드에 대한 완전한 가시성을 제공합니다."
데이비드 에슬릭최고정보책임자(CISO)
"Wiz는 클라우드 환경에서 무슨 일이 일어나고 있는지 볼 수 있는 단일 창을 제공합니다."
아담 플레처최고 보안 책임자(CSO)
"우리는 Wiz가 무언가를 중요한 것으로 식별하면 실제로 중요하다는 것을 알고 있습니다."
그렉 포니아토프스키위협 및 취약성 관리 책임자