{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11152", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-09-29T13:22:48.402Z", "datePublished": "2025-09-30T12:49:05.895Z", "dateUpdated": "2026-04-13T14:30:14.469Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "143.0.3", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3."}]}], "title": "Sandbox escape due to integer overflow in the Graphics: Canvas2D component", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1987246"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-80/"}], "credits": [{"lang": "en", "value": "Oskar L"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:14.469Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-190", "lang": "en", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-10-01T14:08:07.401617Z", "id": "CVE-2025-11152", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T14:13:20.256Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-11152", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-01T14:08:07.401617Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T14:10:10.381Z"}}], "cna": {"title": "Sandbox escape due to integer overflow in the Graphics: Canvas2D component", "credits": [{"lang": "en", "value": "Oskar L"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "143.0.3", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1987246"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-80/"}], "descriptions": [{"lang": "en", "value": "Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3.", "supportingMedia": [{"type": "text/html", "value": "Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:14.469Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11152", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:30:14.469Z", "dateReserved": "2025-09-29T13:22:48.402Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-09-30T12:49:05.895Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "47232932-B734-4462-8CE1-B7CC32EA9E8E", "versionEndExcluding": "143.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3."}, {"lang": "es", "value": "Escape de sandbox debido a desbordamiento de entero en el componente Graphics: Canvas2D. Esta vulnerabilidad afecta a Firefox < 143.0.3."}], "id": "CVE-2025-11152", "lastModified": "2026-04-13T15:16:38.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-09-30T13:15:48.680", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1987246"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-80/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "firefox: From CVEorg collector", "id": "2400447", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400447"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2025-11152", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Under investigation", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-09-30T12:49:05Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-11152\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-11152\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1987246\nhttps://www.mozilla.org/security/advisories/mfsa2025-80/"]}

{"analysis": {"en": {"generated_at": "2026-04-20T17:52:31.769104+00:00", "value": {"mitigation_remediation": ["Upgrade Firefox to version 143.0.3 or later to apply the vendor patch.", "If an immediate upgrade is not feasible, configure the browser or the hosting environment to restrict or disable Canvas2D operations, for example by using content\u2011security\u2011policy directives that block the use of the canvas element.", "Place untrusted web content in a strictly sandboxed iframe that limits script execution and prevents access to potentially dangerous APIs."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox users running any release earlier than 143.0.3 are potentially affected by this sandbox escape. The fix was applied in Firefox 143.0.3, so all versions 143.0.0 to 142.x and earlier are vulnerable unless otherwise patched.", "description_and_impact": "The vulnerability is caused by an integer overflow in the Graphics: Canvas2D component of Firefox, which allows an attacker to escape the browser sandbox. The overflow can corrupt memory bounds and enable the execution of arbitrary code with elevated privileges, effectively compromising the victim's system. This flaw is classified as CWE\u2011190 (Integer Overflow).", "risk_and_exploitability": "The CVSS score of 8.6 indicates a high severity, and the EPSS score of less than 1% suggests a low, though nonzero, exploitation probability at the time of analysis. The flaw is not currently listed in CISA's KEV catalog. Based on the description, the likely attack vector involves an attacker supplying malicious JavaScript or crafted content that triggers the overflow within the Canvas2D rendering path, leading to sandbox escape and code execution."}}}}, "created": "2025-10-02T08:46:20.556174+00:00", "updated": "2026-04-20T18:00:11.161401+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox"]}