Description
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
Published: 2025-11-11
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution via sandbox escape
Action: Patch immediately
AI Analysis

Impact

An incorrect boundary check in the Graphics: WebGPU component allows a sandbox escape, enabling an attacker to execute arbitrary code outside the browser or email client sandbox. The flaw is classified under CWE‑703 (Improper Check or Handling of Exceptional Conditions) and CWE‑787 (Out-of-bounds Write), and can be leveraged to compromise confidentiality, integrity, and availability of the host system.

Affected Systems

The affected Mozilla products are Firefox and Thunderbird in versions earlier than 145. Users of these products should review their installations and update to the latest releases, which contain the fix.

Risk and Exploitability

With a CVSS score of 9.8, the vulnerability is rated critical, yet the EPSS score of below 1% indicates that exploitation is currently unlikely. It is not listed in CISA KEV, so no proven exploitation is reported. Based on the description, it is inferred that a hostile web page that makes use of WebGPU could trigger the sandbox escape in an affected product, though the official advisory does not explicitly confirm this attack vector.

Generated by OpenCVE AI on April 20, 2026 at 19:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Firefox 145 or newer (or Thunderbird 145 or newer).
  • If an upgrade cannot be performed immediately, disable WebGPU by setting the `dom.webgpu.enabled` preference to `false` in preferences (`about:config`) or by using the browser’s configuration tools.
  • Continue to monitor Mozilla security advisories for any further updates or additional workarounds.



Advisories

No advisories yet.

History

Mon, 13 Apr 2026 15:00:00 +0000

Type: Description
Values Removed: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145.
Values Added: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

Wed, 19 Nov 2025 19:30:00 +0000

Type: Description
Values Removed: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.
Values Added: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145.

Type: References

Mon, 17 Nov 2025 12:45:00 +0000

Type: CPEs
Values Added: cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*

Wed, 12 Nov 2025 15:15:00 +0000

Type: Weaknesses
Values Added: CWE-703

Type: Metrics
Values Removed:
cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}
Values Added:
ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 12 Nov 2025 13:00:00 +0000

Type: First Time appeared
Values Added: Mozilla; Mozilla firefox

Type: Vendors & Products
Values Added: Mozilla; Mozilla firefox

Wed, 12 Nov 2025 00:15:00 +0000

Type: Weaknesses
Values Added: CWE-787

Type: References

Type: Metrics
Values Removed:
threat_severity: None
Values Added:
cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}
threat_severity: Important


Tue, 11 Nov 2025 16:00:00 +0000

Type: Description
Values Added: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.

Type: Title
Values Added: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component

Type: References

MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:26:26.316Z

Reserved: 2025-11-11T15:12:36.214Z

Link: CVE-2025-13026

Vulnrichment

Updated: 2025-11-12T15:19:39.758Z

NVD

Status: Modified

Published: 2025-11-11T16:15:39.713

Modified: 2026-04-13T15:16:44.463

Link: CVE-2025-13026

Red Hat

Severity: Important

Public Date: 2025-11-11T15:47:15Z

Links: CVE-2025-13026 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T19:15:15Z

Weaknesses