Impact
Incorrect boundary conditions in the WebGPU component of Mozilla's graphics engine can lead to memory corruption or out-of-bounds memory access. The vulnerability is classified under CWE-805 and CWE-276, indicating potential buffer errors and permission or access control issues, and is rated with a CVSS score of 7.5. The impact could compromise data confidentiality, integrity, or availability of the affected system, but the description does not explicitly state arbitrary code execution.
Affected Systems
Affected software includes Mozilla Firefox and Mozilla Thunderbird. The issue exists in all releases prior to version 145 for both products. The official fix was introduced in Firefox 145 and Thunderbird 145, restoring proper bounds checking and permission policies.
Risk and Exploitability
The EPSS score of less than 1% indicates that exploitation is currently rare, and the vulnerability is not listed in the CISA KEV catalog. The CVSS rating of 7.5 suggests a high potential impact should the flaw be successfully triggered, but the actual risk depends on the ability to invoke WebGPU from malicious sources. Based on the description, it is inferred that the attack vector could involve malicious web content that activates WebGPU, potentially triggering the memory corruption. Monitoring for exploitation is advised, but the low exploitation probability and absence from KEV reduce immediate risk.
OpenCVE Enrichment