CVE-2025-32792 – ses's global contour bindings leak into Compartment lexical scope

https://notcve.org/view.php?id=CVE-2025-32792

18 Apr 2025 — SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using `ses` and the Compartment API to evaluate third-party code in an isolated execution environment that have also elsewhere used `const`, `let`, and `class` bindings in the top-level scope of a `