CVE-2025-11152 - Vulnerability Details

- Sandbox escape due to integer overflow in the Graphics: Canvas2D component

Description

Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3.

Published: 2025-09-30

Score: 8.6 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is caused by an integer overflow in the Graphics: Canvas2D component of Firefox, which allows an attacker to escape the browser sandbox. The overflow can corrupt memory bounds and enable the execution of arbitrary code with elevated privileges, effectively compromising the victim's system. This flaw is classified as CWE‑190 (Integer Overflow).

Affected Systems

Mozilla Firefox users running any release earlier than 143.0.3 are potentially affected by this sandbox escape. The fix was applied in Firefox 143.0.3, so all versions 143.0.0 to 142.x and earlier are vulnerable unless otherwise patched.

Risk and Exploitability

The CVSS score of 8.6 indicates a high severity, and the EPSS score of less than 1% suggests a low, though nonzero, exploitation probability at the time of analysis. The flaw is not currently listed in CISA's KEV catalog. Based on the description, the likely attack vector involves an attacker supplying malicious JavaScript or crafted content that triggers the overflow within the Canvas2D rendering path, leading to sandbox escape and code execution.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Mozilla

Firefox

affected

Version	Status	Constraints
`143.0.3`	unaffected	≤ *

Configuration 1 [-]

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Mozilla	Firefox	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Firefox to version 143.0.3 or later to apply the vendor patch.
If an immediate upgrade is not feasible, configure the browser or the hosting environment to restrict or disable Canvas2D operations, for example by using content‑security‑policy directives that block the use of the canvas element.
Place untrusted web content in a strictly sandboxed iframe that limits script execution and prevents access to potentially dangerous APIs.

Generated by OpenCVE AI on April 20, 2026 at 17:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-31733	This vulnerability affects Firefox < 143.0.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0006.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1987246
https://nvd.nist.gov/vuln/detail/CVE-2025-11152
https://www.cve.org/CVERecord?id=CVE-2025-11152
https://www.mozilla.org/security/advisories/mfsa2025-80/

History

Mon, 13 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description	Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143.0.3.	Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3.

Thu, 30 Oct 2025 16:30:00 +0000

Type	Values Removed	Values Added
Description	This vulnerability affects Firefox < 143.0.3.	Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143.0.3.

Mon, 13 Oct 2025 10:15:00 +0000

Type	Values Removed	Values Added
Title	firefox: From CVEorg collector	Sandbox escape due to integer overflow in the Graphics: Canvas2D component

Fri, 03 Oct 2025 20:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:mozilla:firefox::::::::

Thu, 02 Oct 2025 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla Mozilla firefox
Vendors & Products		Mozilla Mozilla firefox

Wed, 01 Oct 2025 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-190
Metrics		cvssV3_1 `{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 01 Oct 2025 00:15:00 +0000

Type	Values Removed	Values Added
Title		firefox: From CVEorg collector
References		https://nvd.nist.gov/vuln/detail/CVE-2025-11152 https://www.cve.org/CVERecord?id=CVE-2025-11152

Tue, 30 Sep 2025 13:00:00 +0000

Type	Values Removed	Values Added
Description		This vulnerability affects Firefox < 143.0.3.
References		https://bugzilla.mozilla.org/show_bug.cgi?id=1987246 https://www.mozilla.org/security/advisories/mfsa2025-80/

Subscriptions

Mozilla Firefox

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2025-09-30T12:49:05.895Z

Updated: 2026-04-13T14:30:14.469Z

Reserved: 2025-09-29T13:22:48.402Z

Link: CVE-2025-11152

Vulnrichment

Updated: 2025-10-01T14:10:10.381Z

NVD

Status : Modified

Published: 2025-09-30T13:15:48.680

Modified: 2026-04-13T15:16:38.857

Link: CVE-2025-11152

Redhat

Severity :

Publid Date: 2025-09-30T12:49:05Z

Links: CVE-2025-11152 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T18:00:11Z

Weaknesses

CWE-190

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object