CRITICAL🇵🇱 Wersja polska

CVE-2025-13022

CVSS 9.8v3.1pub. 2025-11-11upd. 2026-04-13

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

🤖 AI Analysis
How it works

The error concerns incorrect boundary condition checking in the WebGPU component responsible for graphics processing. Improper boundary validation can lead to unexpected memory or program logic behavior. An attacker can trigger the vulnerability through crafted graphic content or WebGPU requests delivered remotely, without requiring user authentication or interaction.

Impact

An attacker can gain full access to sensitive data, compromise system integrity, and cause application unavailability, corresponding to a high impact rating on confidentiality, integrity, and availability (C:H/I:H/A:H).

Mitigation & patch

Mozilla Firefox should be immediately updated to version 145 or later, and Mozilla Thunderbird to version 145 or later. Details available in Mozilla security bulletins: mfsa2025-87 and mfsa2025-90.

Who is affected

Mozilla Firefox versions before 145 and Mozilla Thunderbird versions before 145.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mozilla Firefox

    APP
    Mozilla
    < 145.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-9680CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Use-after-free w Animation timelines Firefox/Thunderbird — RCE

CVE-2022-26486CRITICAL9.6⚠ KEVten sam produkt

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...

CVE-2019-11708CRITICAL10.0⚠ KEVten sam produkt

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...

CVE-2010-3765CRITICAL9.8⚠ KEVten sam produkt

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...

CVE-2026-14241CRITICAL9.8ten sam produkt

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...