{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12380", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-10-28T07:05:52.674Z", "datePublished": "2025-10-28T14:06:34.814Z", "dateUpdated": "2026-04-13T14:31:37.137Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "144.0.2", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2."}]}], "title": "Use-after-free in WebGPU internals triggered from a compromised child process", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1993113"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-86/"}], "credits": [{"lang": "en", "value": "Oskar L"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:31:37.137Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-10-29T13:52:40.386242Z", "id": "CVE-2025-12380", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-04T15:47:51.527Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-12380", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-29T13:52:40.386242Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-29T13:53:05.089Z"}}], "cna": {"title": "Use-after-free in WebGPU internals triggered from a compromised child process", "credits": [{"lang": "en", "value": "Oskar L"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "144.0.2", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1993113"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-86/"}], "descriptions": [{"lang": "en", "value": "Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2.", "supportingMedia": [{"type": "text/html", "value": "Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:31:37.137Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12380", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:31:37.137Z", "dateReserved": "2025-10-28T07:05:52.674Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-10-28T14:06:34.814Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "AEB4EA43-F674-47D6-BB82-6C39F6975B73", "versionEndExcluding": "144.0.2", "versionStartIncluding": "142.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2."}], "id": "CVE-2025-12380", "lastModified": "2026-04-13T15:16:41.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-10-28T14:15:57.860", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1993113"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-86/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T19:07:36.076860+00:00", "value": {"mitigation_remediation": ["Upgrade all Firefox installations to version 144.0.2 or later to remove the use\u2011after\u2011free flaw.", "Temporarily disable WebGPU by setting the dom.webgpu.enabled preference to false in the Firefox configuration until the software patch is applied.", "Enable system\u2011level monitoring of child processes and IPC calls to detect anomalous WebGPU activity, and implement alerts for suspicious behavior."], "summary": {"action": "Immediate Patch", "impact": "Use-after-free leading to potential child sandbox escape"}, "threat_synthesis": {"affected_systems": "All Firefox installations starting with version 142 up to 144.0.1 on any platform are affected. The vulnerability was resolved in Firefox 144.0.2 and later releases.", "description_and_impact": "A compromised child process can trigger a use\u2011after\u2011free in Firefox\u2019s GPU or browser process through WebGPU IPC calls, allowing the attacker to potentially escape the child process sandbox. The flaw stems from improper deallocation of GPU resource handles (CWE\u2011416) and can lead to execution of arbitrary code or data disclosure within the host process.", "risk_and_exploitability": "The CVSS score of 9.8 indicates critical severity, but the EPSS score of less than 1% suggests a very low likelihood of active exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. Exploitability requires a child process to be compromised and to send malicious WebGPU IPC messages; no public exploitation reports exist yet, so the primary threat is theoretical until an adversary finds a vector to compromise a child process."}}}}, "created": "2025-10-29T10:58:06.654225+00:00", "updated": "2026-04-20T19:15:15.046018+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox"]}