{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13026", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-11-11T15:12:36.214Z", "datePublished": "2025-11-11T15:47:15.695Z", "dateUpdated": "2026-04-13T14:26:26.316Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "145", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "145", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145."}]}], "title": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994441"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"}], "credits": [{"lang": "en", "value": "Jamie Nicol"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:26:26.316Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-703", "lang": "en", "description": "CWE-703 Improper Check or Handling of Exceptional Conditions"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-11-12T15:17:23.471803Z", "id": "CVE-2025-13026", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-25T14:49:13.214Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-13026", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-12T15:17:23.471803Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-703", "description": "CWE-703 Improper Check or Handling of Exceptional Conditions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T15:19:39.758Z"}}], "cna": {"title": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component", "credits": [{"lang": "en", "value": "Jamie Nicol"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "145", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "145", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994441"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"}], "descriptions": [{"lang": "en", "value": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.", "supportingMedia": [{"type": "text/html", "value": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:26:26.316Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13026", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:26:26.316Z", "dateReserved": "2025-11-11T15:12:36.214Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-11-11T15:47:15.695Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "445D5AED-0882-46FE-A5F1-B7148B923221", "versionEndExcluding": "145.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145."}], "id": "CVE-2025-13026", "lastModified": "2026-04-13T15:16:44.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-11-11T16:15:39.713", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994441"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-703"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component", "id": "2414082", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414082"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["No description is available for this CVE."], "name": "CVE-2025-13026", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-11-11T15:47:15Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-13026\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-13026\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1994441\nhttps://www.mozilla.org/security/advisories/mfsa2025-87/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-20T19:03:28.729183+00:00", "value": {"mitigation_remediation": ["Upgrade to Firefox 145 or newer (or Thunderbird 145 or newer).", "If an upgrade cannot be performed immediately, disable WebGPU by setting `content.setting.webgpu.enabled=false` in preferences or by using the browser\u2019s configuration tools.", "Continue to monitor Mozilla security advisories for any further updates or additional workarounds."], "summary": {"action": "Patch immediately", "impact": "Remote code execution via sandbox escape"}, "threat_synthesis": {"affected_systems": "Mozilla products affected are Firefox and Thunderbird running versions earlier than 145. Users with these browsers should review their installation and update to the latest releases, which contain the fix.", "description_and_impact": "An incorrect boundary check in the Graphics: WebGPU component allows a sandbox escape, enabling an attacker to execute arbitrary code outside the browser or email client sandbox. The flaw maps to control\u2011flow alteration and buffer over\u2011read weaknesses, consistent with CWE\u2011703 and CWE\u2011787, and can be leveraged to compromise confidentiality, integrity, and availability of the host system.", "risk_and_exploitability": "With a CVSS score of 9.8 the vulnerability is considered critical, yet the EPSS score of below 1% indicates that exploitation is currently unlikely. It is not listed in CISA KEV, so no proven exploitation is reported, but a hostile webpage that makes use of WebGPU could trigger the sandbox escape if the affected product is used. Based on the description, it is inferred that a malicious web page could potentially trigger the sandbox escape, though the official advisory does not explicitly confirm this attack vector."}}}}, "created": "2025-11-12T12:42:24.204294+00:00", "updated": "2026-04-20T19:15:15.042490+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox"]}