Out of Bounds Read and Write Vulnerability in Mozilla Firefox and Thunderbird
CVE-2025-11709

9.8CRITICAL

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-11709?

A vulnerability exists in Mozilla Firefox and Thunderbird that enables a compromised web process to initiate out-of-bounds reads and writes within a more privileged process. This risk is introduced through manipulated WebGL textures, allowing attackers to bypass security measures. The affected versions include Firefox versions below 144, specific Firefox ESR versions below 115.29 and 140.4, as well as Thunderbird versions below 144 and 140.4. Users should ensure they are running the latest versions to mitigate this potential threat.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Firefox < 144

Firefox ESR < 115.29

Firefox ESR < 140.4

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1989127

https://www.mozilla.org/security/advisories/mfsa2025-81/

https://www.mozilla.org/security/advisories/mfsa2025-82/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Oct 13, 2025

Credit

Oskar L

JSON

Mozilla

What is CVE-2025-11709?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.