← Back

CVE-2025-9180

nvd nist
Published: Aug 19, 2025Modified: Apr 13, 2026

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Exploitability: 2.8 / Impact: 5.2
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.

Affected (7)

Mozilla
2 products
Firefox
Thunderbird
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Mozilla
Firefox
Before 142.0
Firefox
Before 115.27.0
Firefox
From 128.0 to 128.14.0
Firefox
From 140.0 to 140.2.0
Mozilla
Thunderbird
Before 142.0
Thunderbird
Before 128.14.0
Thunderbird
From 140.0 to 140.2.0

Related CWEs

CWE-346
Origin Validation Error
The product does not properly verify that the source of data or communication is valid.

References (10)

Source: security@mozilla.org
Issue TrackingPermissions Required
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.