CVE-2025-14322

Description

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

PUBLISHED Reserved 2025-12-09 | Published 2025-12-09 | Updated 2025-12-10 | Assigner mozilla

Product status

Credits

Oskar L

References

bugzilla.mozilla.org/show_bug.cgi?id=1996473

www.mozilla.org/security/advisories/mfsa2025-92/

www.mozilla.org/security/advisories/mfsa2025-93/

www.mozilla.org/security/advisories/mfsa2025-94/

www.mozilla.org/security/advisories/mfsa2025-95/

www.mozilla.org/security/advisories/mfsa2025-96/

cve.org (CVE-2025-14322)

nvd.nist.gov (CVE-2025-14322)

Download JSON