{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13023", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-11-11T15:12:29.824Z", "datePublished": "2025-11-11T15:47:13.943Z", "dateUpdated": "2026-04-13T14:26:18.949Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "145", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "145", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145."}]}], "title": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992032"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"}], "credits": [{"lang": "en", "value": "Oskar L"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:26:18.949Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-703", "lang": "en", "description": "CWE-703 Improper Check or Handling of Exceptional Conditions"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-11-13T15:18:41.244453Z", "id": "CVE-2025-13023", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-25T14:55:34.565Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-13023", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-13T15:18:41.244453Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-703", "description": "CWE-703 Improper Check or Handling of Exceptional Conditions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-13T15:19:45.744Z"}}], "cna": {"title": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component", "credits": [{"lang": "en", "value": "Oskar L"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "145", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "145", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992032"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"}], "descriptions": [{"lang": "en", "value": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.", "supportingMedia": [{"type": "text/html", "value": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:26:18.949Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13023", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:26:18.949Z", "dateReserved": "2025-11-11T15:12:29.824Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-11-11T15:47:13.943Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "445D5AED-0882-46FE-A5F1-B7148B923221", "versionEndExcluding": "145.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145."}], "id": "CVE-2025-13023", "lastModified": "2026-04-13T15:16:43.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-11-11T16:15:39.403", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992032"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-703"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component", "id": "2414087", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414087"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["No description is available for this CVE."], "name": "CVE-2025-13023", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-11-11T15:47:13Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-13023\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-13023\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1992032\nhttps://www.mozilla.org/security/advisories/mfsa2025-87/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-20T19:04:25.955522+00:00", "value": {"mitigation_remediation": ["Update Firefox and Thunderbird to version 145 or newer, which includes the WebGPU boundary check fix.", "If an upgrade cannot be performed immediately, disable the WebGPU feature by setting dom.webgpu.enabled to false in the about:config preferences of Firefox and Thunderbird.", "Continuously monitor Mozilla security advisories for any additional patches or workarounds related to WebGPU to ensure ongoing protection."], "summary": {"action": "Immediate Patch", "impact": "Sandbox escape that can lead to arbitrary code execution"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox and Thunderbird versions released before 145 are affected. The fix was applied in Firefox\u202f145 and Thunderbird\u202f145, so any instance running a prior release is vulnerable. The issue is not vendor\u2011specific beyond these products and does not affect other Mozilla applications.", "description_and_impact": "This vulnerability arises from incorrect boundary checks in the Graphics: WebGPU component, which allows a malicious actor to escape the sandbox and write beyond intended memory limits. The exploitation can compromise the confidentiality, integrity, and availability of the host system, potentially enabling full control over the affected application and, by extension, the underlying operating system. The weakness is characterized by CWE\u2011787 (Out\u2011of\u2011Bounds Write) and CWE\u2011703 (Incorrect Resource Usage).", "risk_and_exploitability": "The CVSS score of 9.8 indicates a critical severity level. The EPSS score of less than 1% suggests a low probability of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to involve malicious WebGPU code executed in a web page or mail message, which could be delivered locally or remotely depending on the user\u2019s browsing or email habits. If such code runs, the sandbox escape can allow arbitrary code execution with the same privileges as the application. The risk remains high until the vulnerability is mitigated."}}}}, "created": "2025-11-12T12:42:32.442442+00:00", "updated": "2026-04-20T19:15:15.043877+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox"]}