๐Ÿ” CVE Alert

CVE-2025-12380

CRITICAL 9.8

Use-after-free in WebGPU internals triggered from a compromised child process

CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2.

Vendor mozilla
Product firefox
Ecosystems
Industries
Technology
Published Oct 28, 2025
Last Updated Apr 13, 2026
Stay Ahead of the Next One

Get instant alerts for mozilla firefox

Be the first to know when new critical vulnerabilities affecting mozilla firefox are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Mozilla / Firefox
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
bugzilla.mozilla.org: https://bugzilla.mozilla.org/show_bug.cgi?id=1993113 mozilla.org: https://www.mozilla.org/security/advisories/mfsa2025-86/

Credits

Oskar L