—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Use-after-free Vulnerability in Mozilla Firefox 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Mozilla Firefox version prior to 144.0.2

Overview

A vulnerability has been reported in Mozilla Firefox which could allow a remote attacker to execute arbitrary code on a targeted system.

Target Audience:

All end-user organizations and individuals using Mozilla Products.

Risk Assessment:

High risk of unauthorized access to sensitive data

Impact Assessment:

Potential for remote code execution, system compromise.

Description

Mozilla Firefox is a free and open-source web browser developed by Mozilla Foundation.

This vulnerability exists in Mozilla Firefox due to use-after-free in WebGPU internals triggered from a compromised child process. A remote attacker could exploit this vulnerability by sending a specially crafted request.

Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code or cause denial of service (DoS) condition on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://www.mozilla.org/en-US/security/advisories/mfsa2025-86/

Vendor Information

Mozilla Firefox

https://www.mozilla.org/en-US/security/advisories/mfsa2025-86/

References

Mozilla Firefox

https://www.mozilla.org/en-US/security/advisories/mfsa2025-86/

CVE Name

CVE-2025-12380

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmkCJC0ACgkQ3jCgcSdc

ys8UaA/5AUuILAt85mvJgJjfxjlVA9OES1j1ndkH46s614V1eSKNb1BqWdpJnHgl

7G/gin2T/bsOCLL0QYq6Wlk07+n5HNJRo48xvEVQnUiT51s94dqN5Jpng95dWV9c

BdOulru89/Gtgt9ct9HBP1kRp1DppXAhQ7VmHxQItqo7WU+lGMFHKePrgjMcTHqm

7hmAecIhC9H3aqs6/3ObcSly/LQ83ua8jSJoeRWM8fVHIaIkR/oU5n69gPSBZKB5

AVagHro+IyDE/EC8VMUHNbidtMXuWnKgwUaBLJVr9Cv8aeXgKYpNfR9P+yY1KOYB

g040vrGOAFqwkNj+TDRLJ6l1B1bl1OA9NuBJ0P81Cre2nSN0ZRg+WmjhOh/r68R6

I/FVfSvp0s3yHtf15xV0Yhfaz0Da9RAfaD0/zo0O24tpJFylT/Lti716eXHG507q

3cX1FmzQ0IWt8/CdcfHfFCX2gS7/TfkY3h4RJ0huh/wxGGKOKgbF6E/M91SQsk4X

GfXr5MNat/AJt9q19IgAjV9uztjv+H9ffZSWXM4gjXJfIeEA0cOqSxSkKOkZHHEl

xs5NyaHwrAtd79iv61Sy5BL8BsNyldFXfhPr1O4BdMihxp61nFFdgfBbFi000Ylz

Lv94q2T4ObpCnRwOYytm1S7LuQlKzg1ZNyFHVCItvil8lCQPTqw=

=3JTr

—–END PGP SIGNATURE—–