CVE-2025-14322

HIGH
2025-12-09 [email protected]
Mozilla Information Disclosure Thunderbird Redhat Suse
8.0
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
Apr 13, 2026 - 16:10 vuln.today

DescriptionNVD

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

AnalysisAI

Sandbox escape in Mozilla Firefox and Thunderbird's CanvasWebGL component allows remote attackers to bypass security boundaries via crafted web content with user interaction. Affects Firefox <146, Firefox ESR <115.31 and <140.6, Thunderbird <146 and Thunderbird ESR <140.6. EPSS probability is low (0.06%, 20th percentile), and no public exploit identified at time of analysis. The CVSS score of 8.0 reflects high confidentiality and integrity impact with scope change, though attack complexity is high and requires user interaction.

Technical ContextAI

This vulnerability exploits incorrect boundary conditions (CWE-754) in the Graphics subsystem, specifically the CanvasWebGL component which implements the WebGL API for hardware-accelerated graphics rendering in browsers. Boundary condition errors occur when software fails to properly validate input limits or resource boundaries, allowing operations to exceed intended constraints. In the context of browser sandboxing, WebGL code normally executes within a restricted environment that isolates rendering operations from the broader system. The incorrect boundary handling in CanvasWebGL allows malicious content to escape these sandbox restrictions, potentially accessing resources or executing operations outside the intended security boundary. The Changed Scope (S:C) in the CVSS vector confirms this boundary violation, where the vulnerable component's security scope differs from the impacted resources. Mozilla's sandboxing architecture typically isolates content processes from privileged browser operations and the underlying operating system.

RemediationAI

Vendor-released patches are available and should be applied immediately. Upgrade Firefox mainline installations to version 146 or later, Firefox ESR installations to version 115.31 or 140.6 (depending on ESR track), Thunderbird mainline to version 146 or later, and Thunderbird ESR to version 140.6 or later. Mozilla's automatic update mechanism will deliver these fixes to most users, but enterprise deployments using managed update channels should prioritize patch deployment. Verify successful updates by navigating to About Firefox or About Thunderbird in the application menu. No workarounds are documented; patching is the only effective mitigation. Complete remediation guidance is available in Mozilla Security Advisories at https://www.mozilla.org/security/advisories/mfsa2025-92/ (Firefox 146), https://www.mozilla.org/security/advisories/mfsa2025-93/ (Firefox ESR 140.6), https://www.mozilla.org/security/advisories/mfsa2025-94/ (Firefox ESR 115.31), https://www.mozilla.org/security/advisories/mfsa2025-95/ (Thunderbird 146), and https://www.mozilla.org/security/advisories/mfsa2025-96/ (Thunderbird ESR 140.6).

Vendor StatusVendor

Share

CVE-2025-14322 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy