Description
A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.
Published: 2025-10-14
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Immediate Patch
AI Analysis

Impact

A compromised web process was able to trigger out‑of‑bounds reads and writes inside a more privileged process through carefully crafted WebGL textures. The flaw falls under two classic memory corruption weaknesses: reading beyond buffer bounds and writing beyond buffer limits. If successfully exploited, an attacker could corrupt memory in the privileged process, potentially leading to arbitrary code execution and compromising the confidentiality, integrity, or availability of the system.

Affected Systems

The vulnerability affects Mozilla Firefox versions up to 144, the ESR releases 115.29 and 140.4, and also Mozilla Thunderbird up to version 144 with ESR releases 140.4. Users running any earlier or these specified versions should identify the affected product and apply the corresponding update.

Risk and Exploitability

The CVSS score of 9.8 indicates very high severity, while the EPSS of less than 1% suggests a low probability of exploitation at the time of analysis. The vulnerability is not listed in the CISA KEV catalog. The most likely attack vector involves a malicious or compromised web page that can drive the vulnerable WebGL code path. Successful exploitation could result in local privilege escalation or, if the attacker can influence the privileged process, remote code execution on the host.

Generated by OpenCVE AI on April 20, 2026 at 17:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox to version 144 or newer, or the corresponding ESR release (115.29 or 140.4), and upgrade Mozilla Thunderbird to version 144 or newer, or the corresponding ESR release (140.4).
  • If an immediate patch is not available, disable WebGL by setting the preference webgl.disabled to true in the about:config console to block the attack entry point.
  • Deploy system‑level or network controls to restrict or monitor WebGL usage from untrusted origins while awaiting a permanent fix.

Generated by OpenCVE AI on April 20, 2026 at 17:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4335-1 firefox-esr security update
Debian DLA Debian DLA DLA-4351-1 thunderbird security update
Debian DSA Debian DSA DSA-6025-1 firefox-esr security update
Debian DSA Debian DSA DSA-6040-1 thunderbird security update
Ubuntu USN Ubuntu USN USN-7991-1 Thunderbird vulnerabilities
History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Mon, 03 Nov 2025 18:30:00 +0000

Type Values Removed Values Added
References

Thu, 30 Oct 2025 16:30:00 +0000

Type Values Removed Values Added
Title thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures Out of bounds read/write in a privileged process triggered by WebGL textures

Mon, 20 Oct 2025 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla firefox Esr
Vendors & Products Mozilla firefox Esr

Fri, 17 Oct 2025 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla thunderbird
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Vendors & Products Mozilla
Mozilla firefox
Mozilla thunderbird

Wed, 15 Oct 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Wed, 15 Oct 2025 12:30:00 +0000

Type Values Removed Values Added
Title thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures
Weaknesses CWE-125
CWE-787
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

threat_severity

Important

Tue, 14 Oct 2025 12:30:00 +0000

Type Values Removed Values Added
Description A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
References

Subscriptions

Mozilla Firefox Firefox Esr Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:29:18.098Z

Reserved: 2025-10-13T19:49:59.923Z

Link: CVE-2025-11709

cve-icon Vulnrichment

Updated: 2025-11-03T17:31:46.165Z

cve-icon NVD

Status : Modified

Published: 2025-10-14T13:15:37.093

Modified: 2026-04-13T15:16:39.383

Link: CVE-2025-11709

cve-icon Redhat

Severity : Important

Publid Date: 2025-10-14T12:27:33Z

Links: CVE-2025-11709 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T18:00:11Z

Weaknesses