CVE-2025-12380: Vulnerability in Mozilla Firefox
Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2.
AI Analysis
Technical Summary
This vulnerability involves a use-after-free condition in the WebGPU-related IPC mechanisms within Mozilla Firefox, introduced starting with Firefox 142. A compromised child process could trigger this flaw to execute code or escape sandbox restrictions by interacting with the GPU or browser process. The issue was addressed and fixed in Firefox version 144.0.2. The vulnerability is tracked as CVE-2025-12380 and is classified under CWE-416 (Use After Free). It carries a CVSS v3.1 base score of 9.8, reflecting its critical severity and ease of exploitation without privileges or user interaction.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker controlling a compromised child process to escape the sandbox environment, potentially leading to arbitrary code execution with elevated privileges in the GPU or browser process. This impacts confidentiality, integrity, and availability of the affected system. No known exploits have been reported in the wild at this time.
Mitigation Recommendations
Mozilla has released an official fix for this vulnerability in Firefox version 144.0.2. Users and administrators should update to Firefox 144.0.2 or later to remediate this issue. There are no indications that additional mitigation steps are required beyond applying the official update.
CVE-2025-12380: Vulnerability in Mozilla Firefox
Description
Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a use-after-free condition in the WebGPU-related IPC mechanisms within Mozilla Firefox, introduced starting with Firefox 142. A compromised child process could trigger this flaw to execute code or escape sandbox restrictions by interacting with the GPU or browser process. The issue was addressed and fixed in Firefox version 144.0.2. The vulnerability is tracked as CVE-2025-12380 and is classified under CWE-416 (Use After Free). It carries a CVSS v3.1 base score of 9.8, reflecting its critical severity and ease of exploitation without privileges or user interaction.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker controlling a compromised child process to escape the sandbox environment, potentially leading to arbitrary code execution with elevated privileges in the GPU or browser process. This impacts confidentiality, integrity, and availability of the affected system. No known exploits have been reported in the wild at this time.
Mitigation Recommendations
Mozilla has released an official fix for this vulnerability in Firefox version 144.0.2. Users and administrators should update to Firefox 144.0.2 or later to remediate this issue. There are no indications that additional mitigation steps are required beyond applying the official update.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-10-28T07:05:52.674Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 6900d1771db591194a8915da
Added to database: 10/28/2025, 2:21:43 PM
Last enriched: 4/14/2026, 11:36:48 AM
Last updated: 5/10/2026, 1:11:09 AM
Views: 500
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.