CVE-2025-9180 Same-origin policy bypass in the Graphics: Canvas2D component

🗓️ 19 Aug 2025 20:33:54Reported by mozillaType

CVE-2025-9180 Canvas2D same-origin bypass; affects Firefox and Thunderbird older than 142.

Reporter	Title	Published	Views	Family All 426
FreeBSD	Mozilla -- Same-origin policy bypass in the Graphics: Canvas2D component	19 Aug 202500:00	–	freebsd
FreeBSD	Mozilla -- Same-origin policy bypass	19 Aug 202500:00	–	freebsd
ATTACKERKB	CVE-2025-9180	19 Aug 202520:33	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : firefox (ALAS2023-2025-1171)	8 Sep 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : thunderbird, --advisory ALAS2-2025-2999 (ALAS-2025-2999)	16 Sep 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2025-042 (ALASFIREFOX-2025-042)	16 Sep 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : firefox (ALSA-2025:14416)	27 Aug 202500:00	–	nessus
Tenable Nessus	AlmaLinux 10 : firefox (ALSA-2025:14417)	9 Oct 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : firefox (ALSA-2025:14442)	28 Aug 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : thunderbird (ALSA-2025:14640)	29 Aug 202500:00	–	nessus

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "115.27",
        "lessThanOrEqual": "115.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "128.14",
        "lessThanOrEqual": "128.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "140.2",
        "lessThanOrEqual": "140.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "142",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "128.14",
        "lessThanOrEqual": "128.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "140.2",
        "lessThanOrEqual": "140.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "142",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  }
]

Source	Link
mozilla	www.mozilla.org/security/advisories/mfsa2025-72/
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi
mozilla	www.mozilla.org/security/advisories/mfsa2025-70/
mozilla	www.mozilla.org/security/advisories/mfsa2025-71/
mozilla	www.mozilla.org/security/advisories/mfsa2025-65/
mozilla	www.mozilla.org/security/advisories/mfsa2025-67/
mozilla	www.mozilla.org/security/advisories/mfsa2025-64/
mozilla	www.mozilla.org/security/advisories/mfsa2025-66/

13 Apr 2026 14:25Current

EPSS0.00061