9.8
CVE-2025-11709
- EPSS 0.39%
- Veröffentlicht 14.10.2025 12:27:33
- Zuletzt bearbeitet 13.04.2026 15:16:39
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
Out of bounds read/write in a privileged process triggered by WebGL textures
A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.301 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://bugzilla.mozilla.org/show_bug.cgi?id=1989127
https://www.mozilla.org/security/advisories/mfsa2025-81/
https://www.mozilla.org/security/advisories/mfsa2025-82/
https://www.mozilla.org/security/advisories/mfsa2025-83/
https://www.mozilla.org/security/advisories/mfsa2025-84/
https://www.mozilla.org/security/advisories/mfsa2025-85/
https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html
https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html