CVE-2025-9180

HIGH

Firefox <142 - SSRF

Title source: llm

Description

Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.

Scores

CVSS v3 8.1
EPSS 0.0003
EPSS Percentile 7.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Classification

CWE CWE-346
Status published

Affected Products (4)

mozilla/firefox < 115.27.0
mozilla/firefox < 142.0
mozilla/thunderbird < 128.14.0
mozilla/thunderbird < 142.0

Timeline

Published Aug 19, 2025
Tracked Since Feb 18, 2026