Sandbox Escape in Firefox due to Boundary Condition Flaws
CVE-2025-14322

8HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-14322?

A vulnerability in the CanvasWebGL component of Firefox allows for a sandbox escape due to incorrect boundary conditions. This flaw can potentially enable attackers to execute arbitrary code outside the intended security constraints of the browser. Users of affected versions should apply updates immediately to mitigate the risk, as it compromises the isolation meant to protect users from malicious content.

Affected Version(s)

Firefox < 146

Firefox ESR < 115.31

Firefox ESR < 140.6

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1996473

https://www.mozilla.org/security/advisories/mfsa2025-92/

https://www.mozilla.org/security/advisories/mfsa2025-93/

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Dec 9, 2025

Credit

Oskar L

JSON

Mozilla

What is CVE-2025-14322?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit