{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9180", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-08-19T15:55:39.806Z", "datePublished": "2025-08-19T20:33:54.532Z", "dateUpdated": "2026-04-13T14:25:49.457Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "115.27", "lessThanOrEqual": "115.*", "versionType": "rpm"}, {"status": "unaffected", "version": "128.14", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "140.2", "lessThanOrEqual": "140.*", "versionType": "rpm"}, {"status": "unaffected", "version": "142", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.14", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "140.2", "lessThanOrEqual": "140.*", "versionType": "rpm"}, {"status": "unaffected", "version": "142", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2."}]}], "title": "Same-origin policy bypass in the Graphics: Canvas2D component", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979782"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-64/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-65/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-66/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-67/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-70/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-71/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-72/"}], "credits": [{"lang": "en", "value": "Tom Van Goethem"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:25:49.457Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-346", "lang": "en", "description": "CWE-346 Origin Validation Error"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-08-20T14:05:47.767479Z", "id": "CVE-2025-9180", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-20T15:18:51.995Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00018.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00016.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:14:12.191Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-9180", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-20T14:05:47.767479Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-346", "description": "CWE-346 Origin Validation Error"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-20T14:05:55.611Z"}}], "cna": {"title": "Same-origin policy bypass in the Graphics: Canvas2D component", "credits": [{"lang": "en", "value": "Tom Van Goethem"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "142", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "115.27", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "128.14", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "140.2", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "142", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "128.14", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "140.2", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979782"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-64/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-65/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-66/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-67/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-70/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-71/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-72/"}], "descriptions": [{"lang": "en", "value": "Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.", "supportingMedia": [{"type": "text/html", "value": "Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2025-10-30T15:57:04.285Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9180", "state": "PUBLISHED", "dateUpdated": "2025-10-30T15:57:04.285Z", "dateReserved": "2025-08-19T15:55:39.806Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-08-19T20:33:54.532Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "EA30840B-9687-4BD4-B2F6-7557A75D2C5C", "versionEndExcluding": "115.27.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "9F095AEE-D972-4427-A063-5CA441E4D1A5", "versionEndExcluding": "142.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "02EDFC2B-306B-4DF6-B2DE-8E2B405727B2", "versionEndExcluding": "128.14.0", "versionStartIncluding": "128.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "4FEE0509-E29D-4C59-A920-60E804499A78", "versionEndExcluding": "140.2.0", "versionStartIncluding": "140.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "matchCriteriaId": "DCD60324-B41D-4408-B4EF-274DF15E1249", "versionEndExcluding": "128.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "matchCriteriaId": "44E5E769-8961-46D3-90E5-DFA27D979F7D", "versionEndExcluding": "142.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "matchCriteriaId": "28D57F8E-9E36-415C-9A56-8ED3A3B755D4", "versionEndExcluding": "140.2.0", "versionStartIncluding": "140.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2."}, {"lang": "es", "value": "Omisi\u00f3n de pol\u00edtica de mismo origen en el componente Gr\u00e1ficos: Canvas2D. Esta vulnerabilidad afecta a Firefox &lt; 142, Firefox ESR &lt; 115.27, Firefox ESR &lt; 128.14, Firefox ESR &lt; 140.2, Thunderbird &lt; 142, Thunderbird &lt; 128.14 y Thunderbird &lt; 140.2."}], "id": "CVE-2025-9180", "lastModified": "2026-04-13T15:17:13.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-08-19T21:15:30.390", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979782"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-64/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-65/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-66/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-67/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-70/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-71/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-72/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00018.html"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component", "id": "2389581", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389581"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-200", "details": ["'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.", "A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Graphics: Canvas2D component."], "name": "CVE-2025-9180", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/thunderbird-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-08-19T20:33:54Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-9180\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-9180\nhttps://www.mozilla.org/security/advisories/mfsa2025-66/#CVE-2025-9180\nhttps://www.mozilla.org/security/advisories/mfsa2025-71/#CVE-2025-9180"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-20T18:03:06.712755+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest release of Firefox (v142) or ESR 115.27 and newer; similarly, upgrade Thunderbird to v142 or ESR 115.27 and newer.", "Disable or remove any third\u2011party extensions and user scripts that might inject code into web pages or emails, as they could trigger Canvas rendering from untrusted sources.", "Implement a strict content security policy that disallows inline scripts and limits external script execution to trusted origins, reducing the chance that a malicious page can create the vulnerable situation."], "summary": {"action": "Patch Immediately", "impact": "Same-origin policy bypass allowing cross\u2011origin data access"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox releases 142 and all current ESR releases (115.27, 128.14, 140.2) and Mozilla Thunderbird releases 142 and all current ESR releases (115.27, 128.14, 140.2) are affected. Earlier versions of these products are vulnerable.", "description_and_impact": "A flaw in the Graphics: Canvas2D component lets a malicious script read pixel data from a canvas that was rendered with content from a different origin. The result is an information disclosure that bypasses the browser\u2019s same\u2011origin policy, exposing data that could include sensitive user content, crumbs of private information, or other data normally protected by origin boundaries. The weakness is aligned with information\u2011exposure weaknesses such as CWE\u2011200 and CWE\u2011346.", "risk_and_exploitability": "The CVSS score of 8.1 indicates a high severity, while the EPSS of less than 1% suggests a low likelihood of widespread exploitation at present. The vulnerability is not listed in the CISA KEV catalog, which indicates that it has not yet been the target of known, active exploitation campaigns. Attackers would need to lure a user to a malicious web page or send them a malicious email that triggers the Canvas2D rendering, which means the risk exists in typical browser usage scenarios."}}}}, "created": "2025-08-21T12:31:47.326649+00:00", "updated": "2026-04-20T18:15:13.613153+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox", "mozilla$PRODUCT$firefox_esr", "mozilla$PRODUCT$thunderbird"]}