
Description

Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

PUBLISHED Reserved 2025-09-16 | Published 2025-09-16 | Updated 2025-10-30 | Assigner mozilla

Product status

Any version before 143: affected

Any version before 140.3: affected

Any version before 143: affected

Any version before 140.3: affected

Credits

Oskar L

References

bugzilla.mozilla.org/show_bug.cgi?id=1986185

www.mozilla.org/security/advisories/mfsa2025-73/

www.mozilla.org/security/advisories/mfsa2025-75/

www.mozilla.org/security/advisories/mfsa2025-77/

www.mozilla.org/security/advisories/mfsa2025-78/

cve.org (CVE-2025-10528)

nvd.nist.gov (CVE-2025-10528)
