CVE-2025-13021: 
NixOS vulnerability analysis and mitigation

CVE-2025-13021 is a high-severity vulnerability discovered in the Graphics: WebGPU component affecting Firefox versions below 145 and Thunderbird versions below 145. The vulnerability was disclosed on November 11, 2025, and was reported by security researcher Atte Kettunen (Mozilla Advisory).

The vulnerability stems from incorrect boundary conditions in the Graphics: WebGPU component. It has received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-703 (Improper Check or Handling of Exceptional Conditions) (NVD).

The vulnerability has been assessed with high impact ratings for confidentiality, integrity, and availability. Given its critical CVSS score of 9.8, it potentially allows attackers to execute unauthorized code, modify memory, and cause denial of service conditions leading to crash, exit, or restart of the affected application (Ubuntu).

The vulnerability has been fixed in Firefox 145 and Thunderbird 145. Users are advised to upgrade to these versions or later to mitigate the risk. For Thunderbird specifically, it's noted that these flaws cannot be exploited through email as scripting is disabled when reading mail, but remain potential risks in browser or browser-like contexts (Mozilla Advisory).