PT-2025-43668 · Mozilla+9 · Firefox Esr+10

Oskar L

·

Published

2025-01-01

·

Updated

2026-02-06

·

CVE-2025-14322

CVSS v3.1

8.0

High

VectorAV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 146 Firefox ESR versions prior to 115.31 Firefox ESR versions prior to 140.6
Description A sandbox escape exists because of incorrect boundary conditions within the Graphics: CanvasWebGL component. Real-world attacks are exploiting access control, HVAC, fire alarms, and UPS systems.
Recommendations Update Firefox to version 146 or later. Update Firefox ESR to version 115.31 or later. Update Firefox ESR to version 140.6 or later.

Fix

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-754

Related Identifiers

ALSA-2025:23034
ALSA-2025:23035
ALSA-2025:23128
ALSA-2025:23856
ALSA-2026:0025
ALSA-2026:0026
BDU:2025-15639
CVE-2025-14322
DLA-4401-1
DLA-4405-1
DSA-6078-1
DSA-6081-1
MGASA-2025-0328
MGASA-2025-0329
OESA-2026-1085
OESA-2026-1086
OESA-2026-1088
OESA-2026-1089
OESA-2026-1090
OESA-2026-1264
OESA-2026-1285
OPENSUSE-SU-2025:15809-1
OPENSUSE-SU-2025:15813-1
OPENSUSE-SU-2025:15814-1
OPENSUSE-SU-2026:20014-1
OPENSUSE-SU-2026:20046-1
RHSA-2026:0003
RHSA-2026:0004
RHSA-2026:0005
RHSA-2026:0006
RHSA-2026:0007
RHSA-2026:0013
RHSA-2026:0014
RHSA-2026:0015
RHSA-2026:0016
RHSA-2026:0017
RHSA-2026:0018
RHSA-2026:0019
RHSA-2026:0020
RHSA-2026:0021
RHSA-2026:0022
RHSA-2026:0023
RHSA-2026:0024
RHSA-2026:0025
RHSA-2026:0026
RHSA-2026:0124
RHSA-2026:0127
SUSE-SU-2025:4396-1
SUSE-SU-2025:4397-1
SUSE-SU-2025:4424-1
SUSE-SU-2026:20031-1
USN-7991-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Ubuntu