Mozilla Foundation Security Advisory 2025-87

Security Vulnerabilities fixed in Firefox 145

Announced

November 11, 2025

Impact

high

Products

Firefox

Fixed in

Firefox 145

#CVE-2025-13021: Incorrect boundary conditions in the Graphics: WebGPU component

Reporter: Atte Kettunen
Impact: high

References

Bug 1986431

#CVE-2025-13022: Incorrect boundary conditions in the Graphics: WebGPU component

Reporter: Atte Kettunen
Impact: high

References

Bug 1988488

#CVE-2025-13012: Race condition in the Graphics component

Reporter: Irvan Kurniawan
Impact: high

References

Bug 1991458

#CVE-2025-13023: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component

Reporter: Oskar L
Impact: high

References

Bug 1992032

#CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component

Reporter: Igor Morgenstern
Impact: high

References

Bug 1992130

#CVE-2025-13024: JIT miscompilation in the JavaScript Engine: JIT component

Reporter: Project KillFuzz of Qrious Secure
Impact: high

References

Bug 1992902

#CVE-2025-13025: Incorrect boundary conditions in the Graphics: WebGPU component

Reporter: Oskar L
Impact: high

References

Bug 1994022

#CVE-2025-13026: Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component

Reporter: Jamie Nicol
Impact: high

References

Bug 1994441

#CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component

Reporter: Mochammad Nosa Shandy Prastyo
Impact: moderate

References

Bug 1980904

#CVE-2025-13018: Mitigation bypass in the DOM: Security component

Reporter: Daniel Veditz
Impact: moderate

References

Bug 1984940

#CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component

Reporter: Oskar L
Impact: moderate

References

Bug 1988412

#CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component

Reporter: Masato Kinugawa
Impact: moderate

References

Bug 1991945

#CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component

Reporter: Andreas Pehrson
Impact: moderate

References

Bug 1995686

#CVE-2025-13014: Use-after-free in the Audio/Video component

Reporter: Andrew Osmond
Impact: moderate

References

Bug 1994241

#CVE-2025-13015: Spoofing issue in Firefox

Reporter: Eemeli Aro
Impact: low

References

Bug 1994164

#CVE-2025-13027: Memory safety bugs fixed in Firefox 145 and Thunderbird 145

Reporter: The Mozilla Fuzzing Team
Impact: high

Description

Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

Memory safety bugs fixed in Firefox 145 and Thunderbird 145

Mozilla VPN

Mozilla Monitor

Firefox Relay

MDN Plus

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising

Mozilla Builders

Mozilla New Products

Security Vulnerabilities fixed in Firefox 145

References

References

References

References

References

References

References

References

References

References

References

References

References

References

References

Description

References