Vulnerability-Lookup

CVE-2025-10533 (GCVE-0-2025-10533)

Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2026-04-13 14:28

Title

Integer overflow in the SVG component

Summary

Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=1980788
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.28 , ≤ 115.* (rpm) Unaffected: 140.3 , ≤ 140.* (rpm) Unaffected: 143 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.3 , ≤ 140.* (rpm) Unaffected: 143 , ≤ * (rpm)

Credits

Andrew Creskey

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10533",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-16T13:44:57.212905Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-16T13:45:01.113Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T18:08:34.662Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.28",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.3",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "143",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.3",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "143",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andrew Creskey"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
            }
          ],
          "value": "Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T14:28:19.829Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-74/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"
        }
      ],
      "title": "Integer overflow in the SVG component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-10533",
    "datePublished": "2025-09-16T12:26:34.655Z",
    "dateReserved": "2025-09-16T06:48:44.680Z",
    "dateUpdated": "2026-04-13T14:28:19.829Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-10533",
      "date": "2026-05-26",
      "epss": "0.001",
      "percentile": "0.27206"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-10533\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2025-09-16T13:15:47.553\",\"lastModified\":\"2026-04-13T15:16:36.860\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionEndExcluding\":\"115.28.0\",\"matchCriteriaId\":\"0C4F56EB-4823-4A3E-81CE-FE4459F7CCB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"143.0\",\"matchCriteriaId\":\"6071B71C-B967-45B9-8CA4-1CB0A9E24D1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionStartIncluding\":\"116.0\",\"versionEndExcluding\":\"140.3\",\"matchCriteriaId\":\"EBFDA6E8-A670-4F6D-AB7E-83611B97E14F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"140.3.0\",\"matchCriteriaId\":\"3A5AA31F-5E87-4759-9E8B-D12A91F10CFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"141.0\",\"versionEndExcluding\":\"143.0\",\"matchCriteriaId\":\"6FA9EF30-CE04-4A16-8083-E3A773AF2AB8\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1980788\",\"source\":\"security@mozilla.org\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-73/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-74/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-75/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-77/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-78/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T18:08:34.662Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-10533\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-16T13:44:57.212905Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190 Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-16T13:43:17.420Z\"}}], \"cna\": {\"title\": \"Integer overflow in the SVG component\", \"credits\": [{\"lang\": \"en\", \"value\": \"Andrew Creskey\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"115.28\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"115.*\"}, {\"status\": \"unaffected\", \"version\": \"140.3\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"140.*\"}, {\"status\": \"unaffected\", \"version\": \"143\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"*\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"140.3\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"140.*\"}, {\"status\": \"unaffected\", \"version\": \"143\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"*\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1980788\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-73/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-74/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-75/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-77/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-78/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2026-04-13T14:28:19.829Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-10533\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-13T14:28:19.829Z\", \"dateReserved\": \"2025-09-16T06:48:44.680Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2025-09-16T12:26:34.655Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2025-AVI-0797

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Mozilla	Thunderbird	Thunderbird versions antérieures à 140.3
Mozilla	Firefox Focus	Focus pour iOS versions antérieures à 143.0
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 140.3
Mozilla	Firefox	Firefox versions antérieures à 143
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 115.28
Mozilla	Thunderbird	Thunderbird versions antérieures à 143

References

Title

Publication Time

CERTFR-2025-AVI-0797

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Mozilla	Thunderbird	Thunderbird versions antérieures à 140.3
Mozilla	Firefox Focus	Focus pour iOS versions antérieures à 143.0
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 140.3
Mozilla	Firefox	Firefox versions antérieures à 143
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 115.28
Mozilla	Thunderbird	Thunderbird versions antérieures à 143

References

Title

Publication Time

alsa-2025:16108

Vulnerability from osv_almalinux

Published

2025-09-17 00:00

Modified

2025-09-29 08:52

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)
firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)
firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)
firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)
firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)
firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:16108	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-10527	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10528	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10529	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10532	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10533	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10536	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10537	REPORT
	https://bugzilla.redhat.com/2395745	REPORT
	https://bugzilla.redhat.com/2395754	REPORT
	https://bugzilla.redhat.com/2395755	REPORT
	https://bugzilla.redhat.com/2395756	REPORT
	https://bugzilla.redhat.com/2395759	REPORT
	https://bugzilla.redhat.com/2395764	REPORT
	https://bugzilla.redhat.com/2395766	REPORT
	https://errata.almalinux.org/9/ALSA-2025-16108.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.3.0-1.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox-x11"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.3.0-1.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  \n\nSecurity Fix(es):  \n\n  * firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)\n  * firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)\n  * firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)\n  * firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)\n  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)\n  * firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)\n  * firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:16108",
  "modified": "2025-09-29T08:52:33Z",
  "published": "2025-09-17T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:16108"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10527"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10528"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10529"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10532"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10533"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10536"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10537"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395745"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395754"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395755"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395756"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395759"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395764"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395766"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2025-16108.html"
    }
  ],
  "related": [
    "CVE-2025-10527",
    "CVE-2025-10532",
    "CVE-2025-10528",
    "CVE-2025-10529",
    "CVE-2025-10537",
    "CVE-2025-10536",
    "CVE-2025-10533"
  ],
  "summary": "Important: firefox security update"
}

alsa-2025:16109

Vulnerability from osv_almalinux

Published

2025-09-17 00:00

Modified

2025-09-25 15:04

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)
firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)
firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)
firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)
firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)
firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:16109	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-10527	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10528	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10529	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10532	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10533	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10536	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10537	REPORT
	https://bugzilla.redhat.com/2395745	REPORT
	https://bugzilla.redhat.com/2395754	REPORT
	https://bugzilla.redhat.com/2395755	REPORT
	https://bugzilla.redhat.com/2395756	REPORT
	https://bugzilla.redhat.com/2395759	REPORT
	https://bugzilla.redhat.com/2395764	REPORT
	https://bugzilla.redhat.com/2395766	REPORT
	https://errata.almalinux.org/10/ALSA-2025-16109.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.3.0-1.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  \n\nSecurity Fix(es):  \n\n  * firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)\n  * firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)\n  * firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)\n  * firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)\n  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)\n  * firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)\n  * firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:16109",
  "modified": "2025-09-25T15:04:05Z",
  "published": "2025-09-17T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:16109"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10527"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10528"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10529"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10532"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10533"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10536"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10537"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395745"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395754"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395755"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395756"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395759"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395764"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395766"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2025-16109.html"
    }
  ],
  "related": [
    "CVE-2025-10527",
    "CVE-2025-10532",
    "CVE-2025-10528",
    "CVE-2025-10529",
    "CVE-2025-10537",
    "CVE-2025-10536",
    "CVE-2025-10533"
  ],
  "summary": "Important: firefox security update"
}

alsa-2025:16156

Vulnerability from osv_almalinux

Published

2025-09-18 00:00

Modified

2025-09-26 11:14

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)
firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)
firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)
firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)
firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)
firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:16156	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-10527	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10528	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10529	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10532	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10533	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10536	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10537	REPORT
	https://bugzilla.redhat.com/2395745	REPORT
	https://bugzilla.redhat.com/2395754	REPORT
	https://bugzilla.redhat.com/2395755	REPORT
	https://bugzilla.redhat.com/2395756	REPORT
	https://bugzilla.redhat.com/2395759	REPORT
	https://bugzilla.redhat.com/2395764	REPORT
	https://bugzilla.redhat.com/2395766	REPORT
	https://errata.almalinux.org/9/ALSA-2025-16156.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.3.0-1.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.  \n\nSecurity Fix(es):  \n\n  * firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)\n  * firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)\n  * firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)\n  * firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)\n  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)\n  * firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)\n  * firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:16156",
  "modified": "2025-09-26T11:14:21Z",
  "published": "2025-09-18T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:16156"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10527"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10528"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10529"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10532"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10533"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10536"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10537"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395745"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395754"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395755"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395756"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395759"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395764"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395766"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2025-16156.html"
    }
  ],
  "related": [
    "CVE-2025-10527",
    "CVE-2025-10532",
    "CVE-2025-10528",
    "CVE-2025-10529",
    "CVE-2025-10537",
    "CVE-2025-10536",
    "CVE-2025-10533"
  ],
  "summary": "Important: thunderbird security update"
}

alsa-2025:16157

Vulnerability from osv_almalinux

Published

2025-09-18 00:00

Modified

2025-09-26 09:47

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)
firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)
firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)
firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)
firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)
firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:16157	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-10527	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10528	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10529	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10532	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10533	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10536	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10537	REPORT
	https://bugzilla.redhat.com/2395745	REPORT
	https://bugzilla.redhat.com/2395754	REPORT
	https://bugzilla.redhat.com/2395755	REPORT
	https://bugzilla.redhat.com/2395756	REPORT
	https://bugzilla.redhat.com/2395759	REPORT
	https://bugzilla.redhat.com/2395764	REPORT
	https://bugzilla.redhat.com/2395766	REPORT
	https://errata.almalinux.org/10/ALSA-2025-16157.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.3.0-1.el10_0.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.  \n\nSecurity Fix(es):  \n\n  * firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)\n  * firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)\n  * firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)\n  * firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)\n  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)\n  * firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)\n  * firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:16157",
  "modified": "2025-09-26T09:47:50Z",
  "published": "2025-09-18T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:16157"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10527"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10528"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10529"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10532"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10533"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10536"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10537"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395745"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395754"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395755"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395756"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395759"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395764"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395766"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2025-16157.html"
    }
  ],
  "related": [
    "CVE-2025-10527",
    "CVE-2025-10532",
    "CVE-2025-10528",
    "CVE-2025-10529",
    "CVE-2025-10537",
    "CVE-2025-10536",
    "CVE-2025-10533"
  ],
  "summary": "Important: thunderbird security update"
}

alsa-2025:16260

Vulnerability from osv_almalinux

Published

2025-09-22 00:00

Modified

2025-09-25 15:01

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)
firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)
firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)
firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)
firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)
firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:16260	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-10527	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10528	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10529	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10532	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10533	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10536	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10537	REPORT
	https://bugzilla.redhat.com/2395745	REPORT
	https://bugzilla.redhat.com/2395754	REPORT
	https://bugzilla.redhat.com/2395755	REPORT
	https://bugzilla.redhat.com/2395756	REPORT
	https://bugzilla.redhat.com/2395759	REPORT
	https://bugzilla.redhat.com/2395764	REPORT
	https://bugzilla.redhat.com/2395766	REPORT
	https://errata.almalinux.org/8/ALSA-2025-16260.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.3.0-1.el8_10.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  \n\nSecurity Fix(es):  \n\n  * firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)\n  * firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)\n  * firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)\n  * firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)\n  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)\n  * firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)\n  * firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:16260",
  "modified": "2025-09-25T15:01:51Z",
  "published": "2025-09-22T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:16260"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10527"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10528"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10529"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10532"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10533"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10536"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10537"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395745"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395754"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395755"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395756"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395759"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395764"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395766"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2025-16260.html"
    }
  ],
  "related": [
    "CVE-2025-10527",
    "CVE-2025-10532",
    "CVE-2025-10528",
    "CVE-2025-10529",
    "CVE-2025-10537",
    "CVE-2025-10536",
    "CVE-2025-10533"
  ],
  "summary": "Important: firefox security update"
}

alsa-2025:16589

Vulnerability from osv_almalinux

Published

2025-09-24 00:00

Modified

2025-09-25 15:05

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)
firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)
firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)
firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)
firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)
firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:16589	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-10527	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10528	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10529	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10532	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10533	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10536	REPORT
	https://access.redhat.com/security/cve/CVE-2025-10537	REPORT
	https://bugzilla.redhat.com/2395745	REPORT
	https://bugzilla.redhat.com/2395754	REPORT
	https://bugzilla.redhat.com/2395755	REPORT
	https://bugzilla.redhat.com/2395756	REPORT
	https://bugzilla.redhat.com/2395759	REPORT
	https://bugzilla.redhat.com/2395764	REPORT
	https://bugzilla.redhat.com/2395766	REPORT
	https://errata.almalinux.org/8/ALSA-2025-16589.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.3.0-1.el8_10.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.  \n\nSecurity Fix(es):  \n\n  * firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)\n  * firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)\n  * firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)\n  * firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)\n  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)\n  * firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)\n  * firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:16589",
  "modified": "2025-09-25T15:05:39Z",
  "published": "2025-09-24T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:16589"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10527"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10528"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10529"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10532"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10533"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10536"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10537"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395745"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395754"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395755"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395756"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395759"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395764"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395766"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2025-16589.html"
    }
  ],
  "related": [
    "CVE-2025-10527",
    "CVE-2025-10532",
    "CVE-2025-10528",
    "CVE-2025-10529",
    "CVE-2025-10537",
    "CVE-2025-10536",
    "CVE-2025-10533"
  ],
  "summary": "Important: thunderbird security update"
}

CNVD-2025-26891

Vulnerability from cnvd - Published: 2025-11-06

Title

多款Mozilla产品代码执行漏洞（CNVD-2025-26891）

Description

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。Mozilla Firefox ESR是Firefox（Web浏览器）的一个延长支持版本。Mozilla Thunderbird是电子邮件客户端软件，支持IMAP、POP邮件协议以及HTML邮件格式。多款Mozilla产品存在代码执行漏洞，该漏洞是由于SVG组件中的整数溢出引起的。攻击者可利用该漏洞在系统上执行任意代码或导致拒绝服务。

Severity

高

Patch Name

多款Mozilla产品代码执行漏洞（CNVD-2025-26891）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.mozilla.org/security/advisories/mfsa2025-73/

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1980788

Impacted products

Name
['Mozilla Firefox <143', 'Mozilla Firefox ESR <115.28', 'Mozilla Firefox ESR <140.3', 'Mozilla Thunderbird <143', 'Mozilla Thunderbird <140.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-10533",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-10533"
    }
  },
  "description": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox\uff08Web\u6d4f\u89c8\u5668\uff09\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\uff0c\u652f\u6301IMAP\u3001POP\u90ae\u4ef6\u534f\u8bae\u4ee5\u53caHTML\u90ae\u4ef6\u683c\u5f0f\u3002\n\n\u591a\u6b3eMozilla\u4ea7\u54c1\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eSVG\u7ec4\u4ef6\u4e2d\u7684\u6574\u6570\u6ea2\u51fa\u5f15\u8d77\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mozilla.org/security/advisories/mfsa2025-73/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-26891",
  "openTime": "2025-11-06",
  "patchDescription": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox\uff08Web\u6d4f\u89c8\u5668\uff09\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\uff0c\u652f\u6301IMAP\u3001POP\u90ae\u4ef6\u534f\u8bae\u4ee5\u53caHTML\u90ae\u4ef6\u683c\u5f0f\u3002\r\n\r\n\u591a\u6b3eMozilla\u4ea7\u54c1\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eSVG\u7ec4\u4ef6\u4e2d\u7684\u6574\u6570\u6ea2\u51fa\u5f15\u8d77\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eMozilla\u4ea7\u54c1\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2025-26891\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox \u003c143",
      "Mozilla Firefox ESR \u003c115.28",
      "Mozilla Firefox ESR \u003c140.3",
      "Mozilla Thunderbird \u003c143",
      "Mozilla Thunderbird \u003c140.3"
    ]
  },
  "referenceLink": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788",
  "serverity": "\u9ad8",
  "submitTime": "2025-09-18",
  "title": "\u591a\u6b3eMozilla\u4ea7\u54c1\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2025-26891\uff09"
}

FKIE_CVE-2025-10533

Vulnerability from fkie_nvd - Published: 2025-09-16 13:15 - Updated: 2026-04-13 15:16

Severity

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

References

URL	Tags
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1980788	Permissions Required
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-73/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-74/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-75/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-77/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-78/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox	*
mozilla	firefox	*
mozilla	thunderbird	*
mozilla	thunderbird	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
              "matchCriteriaId": "0C4F56EB-4823-4A3E-81CE-FE4459F7CCB0",
              "versionEndExcluding": "115.28.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "6071B71C-B967-45B9-8CA4-1CB0A9E24D1A",
              "versionEndExcluding": "143.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
              "matchCriteriaId": "EBFDA6E8-A670-4F6D-AB7E-83611B97E14F",
              "versionEndExcluding": "140.3",
              "versionStartIncluding": "116.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A5AA31F-5E87-4759-9E8B-D12A91F10CFE",
              "versionEndExcluding": "140.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FA9EF30-CE04-4A16-8083-E3A773AF2AB8",
              "versionEndExcluding": "143.0",
              "versionStartIncluding": "141.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
    }
  ],
  "id": "CVE-2025-10533",
  "lastModified": "2026-04-13T15:16:36.860",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-16T13:15:47.553",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-74/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-10533 (GCVE-0-2025-10533)

Solutions

Solutions

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature