Sandbox Escape Vulnerability in Firefox WebGPU Component
CVE-2025-13026

9.8CRITICAL

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-13026?

A vulnerability has been identified in the Graphics: WebGPU component of Firefox, which allows for a sandbox escape due to incorrect boundary conditions. This could potentially enable attackers to break out of the restricted environment of the WebGPU component, posing risks to user data and system integrity. Users are encouraged to update to the latest version of Firefox to mitigate any potential threats.

Affected Version(s)

Firefox < 145

Thunderbird < 145

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1994441

https://www.mozilla.org/security/advisories/mfsa2025-87/

https://www.mozilla.org/security/advisories/mfsa2025-90/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Nov 11, 2025

Credit

Jamie Nicol

JSON

Mozilla

What is CVE-2025-13026?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit