PT-2025-33867 · Mozilla+10 · Thunderbird+12
Tom Van Goethem
·
Published
2025-08-19
·
Updated
2026-02-02
·
CVE-2025-9180
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Firefox versions prior to 142
Firefox ESR versions prior to 115.27
Firefox ESR versions prior to 128.14
Firefox ESR versions prior to 140.2
Thunderbird versions prior to 142
Thunderbird versions prior to 128.14
Thunderbird versions prior to 140.2
Description:
A same-origin policy bypass exists in the Graphics: Canvas2D component.
Recommendations:
Update Firefox to version 142 or later.
Update Firefox ESR to version 115.27 or later.
Update Firefox ESR to version 128.14 or later.
Update Firefox ESR to version 140.2 or later.
Update Thunderbird to version 142 or later.
Update Thunderbird to version 128.14 or later.
Update Thunderbird to version 140.2 or later.
Fix
Origin Validation Error
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Centos
Debian
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu