Mozilla Foundation Security Advisory 2025-86

Security Vulnerabilities fixed in Firefox 144.0.2

Announced

October 28, 2025

Impact

high

Products

Firefox

Fixed in

Firefox 144.0.2

#CVE-2025-12380: Use-after-free in WebGPU internals triggered from a compromised child process

Reporter: Oskar L
Impact: high

Description

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox.

References

Bug 1993113

Mozilla VPN

Mozilla Monitor

Firefox Relay

MDN Plus

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising

Mozilla Builders

Mozilla New Products