Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
The WebGPU component is responsible for handling graphics and GPU hardware acceleration in the browser. Due to improperly defined boundary conditions (CWE-703 — improper handling of exceptions or error conditions), specially crafted graphic content may trigger unexpected behavior during data processing by the WebGPU engine. An attacker can deliver malicious content over the network without requiring authentication or interaction from the victim, making this vulnerability particularly dangerous.
Successful exploitation of the vulnerability may allow an attacker to execute code remotely (RCE) in the context of the browser process, and consequently gain full control over the attacked system — compromising its confidentiality, integrity, and availability.
Mozilla Firefox browser should be updated immediately to version 145 or later, and Mozilla Thunderbird mail client should be updated to version 145 or later. Patches are available through official Mozilla distribution channels.
Mozilla Firefox in versions prior to Firefox 145 and Mozilla Thunderbird in versions prior to Thunderbird 145.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMozilla Firefox
APPMozilla< 145.0
Related vulnerabilities
Use-after-free w Animation timelines Firefox/Thunderbird — RCE
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...
Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...