CVE-2026-5733
Boundary Check Error in Firefox WebGPU Causes Potential Exploit
Publication date: 2026-04-07
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 149.0.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability involves incorrect boundary conditions in the Graphics: WebGPU component of Firefox versions prior to 149.0.2.
Such a flaw could potentially lead to unexpected behavior or security issues when rendering graphics, possibly allowing an attacker to exploit the browser's graphics processing.
Can you explain this vulnerability to me?
This vulnerability is due to incorrect boundary conditions in the Graphics: WebGPU component of Firefox versions earlier than 149.0.2.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update Mozilla Firefox and Thunderbird to version 149.0.2 or later.
This update addresses the incorrect boundary conditions in the Graphics: WebGPU component and includes fixes for multiple other high-impact memory safety and integer overflow bugs.