Mozilla Firefox and Thunderbird Same-Origin Policy Bypass Vulnerability in Canvas2D Component

Vulnerability

A same-origin policy bypass vulnerability has been identified in the Graphics: Canvas2D component of Mozilla Firefox and Thunderbird. This issue affects multiple versions, including Firefox through 141, Firefox ESR prior to 115.27, Firefox ESR prior to 128.14, Firefox ESR prior to 140.2, Thunderbird through 141, Thunderbird ESR prior to 115.27, Thunderbird ESR prior to 128.14, and Thunderbird ESR prior to 140.2.

Impact

Exploiting this vulnerability bypasses the same-origin policy, which could lead to cross-origin resource sharing issues or unauthorized access to resources from other origins.

Remediation

Users can upgrade to Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, or Thunderbird 142 to address this vulnerability.

Added: Aug 19, 2025, 9:25 PM
Updated: Aug 19, 2025, 9:25 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.6
exploitability: 4.4
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.