{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10533", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-09-16T06:48:44.680Z", "datePublished": "2025-09-16T12:26:34.655Z", "dateUpdated": "2026-04-13T14:28:19.829Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "115.28", "lessThanOrEqual": "115.*", "versionType": "rpm"}, {"status": "unaffected", "version": "140.3", "lessThanOrEqual": "140.*", "versionType": "rpm"}, {"status": "unaffected", "version": "143", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "140.3", "lessThanOrEqual": "140.*", "versionType": "rpm"}, {"status": "unaffected", "version": "143", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."}]}], "title": "Integer overflow in the SVG component", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-74/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"}], "credits": [{"lang": "en", "value": "Andrew Creskey"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:28:19.829Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-190", "lang": "en", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-09-16T13:44:57.212905Z", "id": "CVE-2025-10533", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-16T13:45:01.113Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:08:34.662Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:08:34.662Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-10533", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-16T13:44:57.212905Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-16T13:43:17.420Z"}}], "cna": {"title": "Integer overflow in the SVG component", "credits": [{"lang": "en", "value": "Andrew Creskey"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "115.28", "versionType": "rpm", "lessThanOrEqual": "115.*"}, {"status": "unaffected", "version": "140.3", "versionType": "rpm", "lessThanOrEqual": "140.*"}, {"status": "unaffected", "version": "143", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "140.3", "versionType": "rpm", "lessThanOrEqual": "140.*"}, {"status": "unaffected", "version": "143", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-74/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"}], "descriptions": [{"lang": "en", "value": "Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.", "supportingMedia": [{"type": "text/html", "value": "Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:28:19.829Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10533", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:28:19.829Z", "dateReserved": "2025-09-16T06:48:44.680Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-09-16T12:26:34.655Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "0C4F56EB-4823-4A3E-81CE-FE4459F7CCB0", "versionEndExcluding": "115.28.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "6071B71C-B967-45B9-8CA4-1CB0A9E24D1A", "versionEndExcluding": "143.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "EBFDA6E8-A670-4F6D-AB7E-83611B97E14F", "versionEndExcluding": "140.3", "versionStartIncluding": "116.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A5AA31F-5E87-4759-9E8B-D12A91F10CFE", "versionEndExcluding": "140.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FA9EF30-CE04-4A16-8083-E3A773AF2AB8", "versionEndExcluding": "143.0", "versionStartIncluding": "141.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."}], "id": "CVE-2025-10533", "lastModified": "2026-04-13T15:16:36.860", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-09-16T13:15:47.553", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-74/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:16109", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "firefox-0:140.3.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-09-17T00:00:00Z"}, {"advisory": "RHSA-2025:16108", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:140.3.0-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-09-17T00:00:00Z"}], "bugzilla": {"description": "firefox: thunderbird: Integer overflow in the SVG component", "id": "2395766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395766"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-190", "details": ["No description is available for this CVE."], "name": "CVE-2025-10533", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/thunderbird-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-09-16T12:26:34Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-10533\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-10533\nhttps://www.mozilla.org/security/advisories/mfsa2025-75/#CVE-2025-10533\nhttps://www.mozilla.org/security/advisories/mfsa2025-78/#CVE-2025-10533"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-20T17:59:25.952584+00:00", "value": {"mitigation_remediation": ["Upgrade to Mozilla Firefox\u00a0143 or newer, including ESR\u00a0115.28 or 140.3 releases.", "Upgrade to Mozilla Thunderbird\u00a0143 or newer, including ESR\u00a0140.3 releases.", "If immediate upgrade is not possible, configure the browser or email client to block or filter SVG content from untrusted sources, or disable the SVG rendering engine entirely until a patch is applied."], "summary": {"action": "Immediate Patch", "impact": "Potential remote code execution through crafted SVG"}, "threat_synthesis": {"affected_systems": "The flaw affects Mozilla Firefox versions before 143, including the ESR lines before 115.28 and 140.3, as well as Mozilla Thunderbird before 143 and before the ESR 140.3 release. Attackers could target any user who opens a malicious SVG file in these browsers.", "description_and_impact": "The vulnerability is an integer overflow detected in the core SVG rendering engine. It can allow an attacker who controls SVG input to manipulate size calculations, potentially leading to memory corruption and remote code execution when an SVG file is rendered. The weakness is classified as CWE-190, which typically results in loss of confidentiality, integrity, or availability if exploited.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity, but the EPSS score of less than 1% and the absence from the KEV catalog suggest that exploitation is currently unlikely. Nonetheless, the attack vector is likely remote via crafted SVG, so the risk to end users remains significant if no patch is applied."}}}}, "created": "2025-09-17T10:04:56.134642+00:00", "updated": "2026-04-20T18:00:11.172846+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox", "mozilla$PRODUCT$firefox_esr", "mozilla$PRODUCT$thunderbird"]}