CVE-2025-14322
BaseFortify
Publication date: 2025-12-09
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | * |
| mozilla | firefox_esr | * |
| mozilla | thunderbird | to 140.6.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox to version 146 or later, or Firefox ESR to version 115.31 or later, where the issue has been fixed. Applying these updates will address the sandbox escape caused by incorrect boundary conditions in the Graphics: CanvasWebGL component. [2]
Can you explain this vulnerability to me?
This vulnerability is a sandbox escape caused by incorrect boundary conditions in the Graphics: CanvasWebGL component of Firefox. It affects versions of Firefox before 146 and Firefox ESR before 115.31 and 140.6. Essentially, it allows an attacker to break out of the restricted environment (sandbox) that normally limits what web content can do, potentially enabling them to execute code or access resources outside the intended boundaries.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to escape the browser's sandbox, which may lead to unauthorized access to system resources or execution of malicious code with higher privileges. This can compromise the security and integrity of your system or data when using affected versions of Firefox.