CRITICAL🇵🇱 Wersja polska

CVE-2025-13021

CVSS 9.8v3.1pub. 2025-11-11upd. 2026-04-13

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

🤖 AI Analysis
How it works

The WebGPU component is responsible for handling graphics and GPU hardware acceleration in the browser. Due to improperly defined boundary conditions (CWE-703 — improper handling of exceptions or error conditions), specially crafted graphic content may trigger unexpected behavior during data processing by the WebGPU engine. An attacker can deliver malicious content over the network without requiring authentication or interaction from the victim, making this vulnerability particularly dangerous.

Impact

Successful exploitation of the vulnerability may allow an attacker to execute code remotely (RCE) in the context of the browser process, and consequently gain full control over the attacked system — compromising its confidentiality, integrity, and availability.

Mitigation & patch

Mozilla Firefox browser should be updated immediately to version 145 or later, and Mozilla Thunderbird mail client should be updated to version 145 or later. Patches are available through official Mozilla distribution channels.

Who is affected

Mozilla Firefox in versions prior to Firefox 145 and Mozilla Thunderbird in versions prior to Thunderbird 145.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mozilla Firefox

    APP
    Mozilla
    < 145.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-9680CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Use-after-free w Animation timelines Firefox/Thunderbird — RCE

CVE-2022-26486CRITICAL9.6⚠ KEVten sam produkt

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...

CVE-2019-11708CRITICAL10.0⚠ KEVten sam produkt

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...

CVE-2010-3765CRITICAL9.8⚠ KEVten sam produkt

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...

CVE-2026-14241CRITICAL9.8ten sam produkt

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...