Out of Bounds Read and Write Vulnerability in Mozilla Firefox and Thunderbird
CVE-2025-11709

Currently unrated

Key Information:

Vendor

Mozilla
Status
Firefox
Firefox Esr
Thunderbird
Vendor
CVE Published:
14 October 2025

What is CVE-2025-11709?

A vulnerability exists in Mozilla Firefox and Thunderbird that enables a compromised web process to initiate out-of-bounds reads and writes within a more privileged process. This risk is introduced through manipulated WebGL textures, allowing attackers to bypass security measures. The affected versions include Firefox versions below 144, specific Firefox ESR versions below 115.29 and 140.4, as well as Thunderbird versions below 144 and 140.4. Users should ensure they are running the latest versions to mitigate this potential threat.

Affected Version(s)

Firefox < 144

Firefox ESR < 115.29

Firefox ESR < 140.4

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1989127
https://www.mozilla.org/security/advisories/mfsa2025-81/
https://www.mozilla.org/security/advisories/mfsa2025-82/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Oskar L
JSON
.
CVE-2025-11709 : Out of Bounds Read and Write Vulnerability in Mozilla Firefox and Thunderbird