{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-49709", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-06-09T20:17:23.292Z", "datePublished": "2025-06-11T12:07:49.983Z", "dateUpdated": "2026-04-13T14:31:44.782Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "139.0.4", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4."}]}], "title": "Memory corruption in canvas surfaces", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966083"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-47/"}], "credits": [{"lang": "en", "value": "Yannis Juglaret and Steven Michaud"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:31:44.782Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-06-11T13:29:28.720878Z", "id": "CVE-2025-49709", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:30:39.988Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-49709", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-11T13:29:28.720878Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:30:30.594Z"}}], "cna": {"title": "Memory corruption in canvas surfaces", "credits": [{"lang": "en", "value": "Yannis Juglaret and Steven Michaud"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "139.0.4", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966083"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-47/"}], "descriptions": [{"lang": "en", "value": "Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4.", "supportingMedia": [{"type": "text/html", "value": "Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:31:44.782Z"}}}, "cveMetadata": {"cveId": "CVE-2025-49709", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:31:44.782Z", "dateReserved": "2025-06-09T20:17:23.292Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-06-11T12:07:49.983Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D86253F-369A-487F-83BC-5DC1113FA59D", "versionEndExcluding": "139.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4."}, {"lang": "es", "value": "Ciertas operaciones de canvas podr\u00edan haber provocado corrupci\u00f3n de memoria. Esta vulnerabilidad afecta a Firefox anterior a la versi\u00f3n 139.0.4."}], "id": "CVE-2025-49709", "lastModified": "2026-04-13T15:16:58.937", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-06-11T12:15:26.977", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966083"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-47/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T17:02:31.362812+00:00", "value": {"mitigation_remediation": ["Update Firefox to version 139.0.4 or later.", "If updating immediately is not possible, configure the browser to block canvas element usage by setting the appropriate policy or using a content security policy that restricts canvas.", "Monitor for any unexpected memory corruption or application crashes during web browsing, especially when accessing sites that render complex graphics."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox, all releases prior to 139.0.4 are affected, as the fix was introduced in that version. No further version qualifiers are provided, so any build before the patch likely remains vulnerable.", "description_and_impact": "Certain canvas operations in Mozilla Firefox can lead to memory corruption during the rendering of image data. The vulnerability arises when the browser attempts to write beyond allocated buffers, potentially allowing an attacker to overwrite process memory. While the description does not explicitly state the resulting payload, a memory corruption flaw of this nature is capable of enabling arbitrary code execution in the context of the browser. The weakness is classified as CWE\u2011787 and is rated with a CVSS score of 9.8, which reflects the potential for full compromise of the host system.", "risk_and_exploitability": "The EPSS score for this vulnerability is below one percent, indicating that exploitation attempts are expected to be rare. The issue is not listed in the CISA KEV catalog. However, the CVSS score of 9.8 signals that an exploit, if discovered, could yield complete system compromise. The likely attack vector involves a malicious web page that manipulates canvas content, as the flaw is triggered during rendering. While exploitation probability is low, the high impact warrants prompt action."}}}}, "created": "2025-06-23T09:16:30.889673+00:00", "updated": "2026-04-20T17:15:12.543954+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox"]}