Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-9180

Опубликовано: 19 авг. 2025
Источник: redhat
CVSS3: 7.5

Описание

'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Graphics: Canvas2D component.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10firefoxAffected
Red Hat Enterprise Linux 10rhel10/firefox-flatpakAffected
Red Hat Enterprise Linux 10rhel10/thunderbird-flatpakAffected
Red Hat Enterprise Linux 10thunderbirdAffected
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7firefoxAffected
Red Hat Enterprise Linux 7thunderbirdOut of support scope
Red Hat Enterprise Linux 8firefoxAffected
Red Hat Enterprise Linux 8thunderbirdAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2389581thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-9180

CVSS3: 8.1
ubuntu
7 дней назад

'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.

nvd логотип

CVE-2025-9180

CVSS3: 8.1
nvd
7 дней назад

'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.

debian логотип

CVE-2025-9180

CVSS3: 8.1
debian
7 дней назад

'Same-origin policy bypass in the Graphics: Canvas2D component.' This ...

github логотип

GHSA-728v-c7pv-wm7x

CVSS3: 8.1
github
7 дней назад

'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.

7.5 High

CVSS3