CVE-2025-11709: thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures

Severity: Critical

CVSS Score: 9.8

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.