CVE-2025-13022: 
NixOS vulnerability analysis and mitigation

CVE-2025-13022 is a security vulnerability discovered in the Graphics: WebGPU component affecting Firefox versions below 145 and Thunderbird versions below 145. The vulnerability was disclosed on November 11, 2025, and was reported by security researcher Atte Kettunen (Mozilla Advisory).

The vulnerability stems from incorrect boundary conditions in the Graphics: WebGPU component. It has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a network-exploitable vulnerability with low attack complexity requiring no privileges or user interaction. The vulnerability is classified under CWE-703 (Improper Check or Handling of Exceptional Conditions) (NVD, Ubuntu).

The vulnerability has been rated as having a high impact. When exploited, it could potentially lead to complete compromise of system confidentiality, integrity, and availability. In Thunderbird, the risk is somewhat mitigated as scripting is disabled when reading mail, but the vulnerability remains a potential risk in browser or browser-like contexts (Mozilla Advisory).

The vulnerability has been fixed in Firefox 145 and Thunderbird 145. Users are strongly advised to upgrade to these versions or later to mitigate the risk. For Ubuntu systems, the fix has been implemented in version 145.0.1-1 of the firefox package (Debian).