CVE-2025-11709: thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures

Severity: Critical

CVSS Score: 9.8

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.