CVE-2025-49710: 
NixOS vulnerability analysis and mitigation

An integer overflow vulnerability (CVE-2025-49710) was discovered in the OrderedHashTable component of Firefox's JavaScript engine. The vulnerability was reported by security researcher Shaheen Fazim and affects Firefox versions prior to 139.0.4. The issue was publicly disclosed on June 10, 2025 (Mozilla Advisory, NVD).

The vulnerability is classified as an Integer Overflow or Wraparound (CWE-190) that exists in the OrderedHashTable component used by Firefox's JavaScript engine. The issue received a CVSS v3.1 base score of 9.8 (CRITICAL) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating it is a critical severity issue with network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

The vulnerability has been assessed with a critical severity rating (CVSS score: 9.8), indicating potential for complete compromise of system confidentiality, integrity, and availability. The high impact rating suggests that successful exploitation could lead to significant security implications for affected systems (NVD, Wiz).

Mozilla has addressed this vulnerability in Firefox version 139.0.4. Users and administrators are strongly advised to upgrade to this version to mitigate the risk. The fix has been confirmed and is available through the standard update channels (Mozilla Advisory).