CVE-2025-11709
BaseFortify
Publication date: 2025-10-14
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | thunderbird | to 140.0 (inc) |
| mozilla | firefox | From 60.9.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows a compromised web process to cause out-of-bounds reads and writes in a more privileged process by using manipulated WebGL textures. Essentially, an attacker can exploit WebGL texture handling to access or modify memory outside the intended boundaries in Firefox and Thunderbird versions before the specified fixed versions.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access or modification of memory in more privileged processes, potentially allowing attackers to execute arbitrary code, cause crashes, or leak sensitive information, thereby compromising the security and stability of affected Firefox and Thunderbird applications.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox to version 144 or later; Firefox ESR to version 115.29 or later, or 140.4 or later; and Thunderbird to version 144 or later, or 140.4 or later. Avoid using vulnerable versions to prevent exploitation via manipulated WebGL textures.