VDB
DEBIAN-CVE-2025-10527
DEBIAN-CVE-2025-10527
PUBLISHED
CVSS 7.099999904632568 HIGH
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
Risk Scores
CVSS 3.1
7.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | firefox-esr | *, *, * |
| Debian:12 | thunderbird | 128.12.0, 128.12.0, 128.12.0 |
| Debian:13 | thunderbird | 129.0, *, * |
| Debian:14 | firefox-esr | 140.3.0, 140.3.0, 140.3.0 |
| Debian:11 | thunderbird | 102.8.0-1, 102.9.0-1, 102.9.0-1 |
| Debian:11 | firefox-esr | 102.14.0, 102.14.0, 102.15.0 |
| Debian:13 | firefox-esr | 140.3.0, 140.3.0, 140.3.0 |
| Debian:14 | thunderbird | 128.13.0, 128.14.0, 128.14.0 |
Timeline
- Sep 16, 2025 CVE Published
- Apr 28, 2026 CVE Updated