Primary

Context

Mozilla Firefox Use-After-Free Vulnerability in WebGPU Internals Allowing Sandbox Escape

Vulnerability

Patched

A use-after-free vulnerability has been identified in Mozilla Firefox versions prior to 144.0.2. This issue arises from WebGPU-related inter-process communication (IPC) calls, starting with Firefox 142. A compromised child process could exploit this vulnerability to trigger the use-after-free condition in the GPU or browser process, potentially escaping the child process sandbox.

Impact

Exploitation of this vulnerability could lead to a sandbox escape from a compromised child process.

Remediation

Users can upgrade to Firefox 144.0.2 to address this vulnerability.

Added: Oct 28, 2025, 2:19 PM

Updated: Oct 28, 2025, 2:19 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

10.0

exploitability

4.7

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

10.0

exploitability

4.7

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mozilla Firefox Use-After-Free Vulnerability in WebGPU Internals Allowing Sandbox Escape

Vulnerability

Impact

Remediation

Affected Products

Mozilla Firefox

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating