Mozilla Product Security Update Advisory

Overview

 

We have released security updates to fix vulnerabilities in Mozilla products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-10527, CVE-2025-10528, CVE-2025-10537

 

Thunderbird version: 140.3 and earlier
Thunderbird version: 143 or lower
Firefox ESR version: 140.3 or lower
Firefox version: less than 143

 

 

Resolved Vulnerabilities

 

Graphics: Sandbox escape vulnerability due to use-after-free in Canvas2D component (CVE-2025-10527)
Graphics: Sandbox escape vulnerability due to undefined behavior and incorrect pointer handling in the Canvas2D component (CVE-2025-10528)
Memory safety vulnerability in Mozilla products (CVE-2025-10537)

 

 

Vulnerability Patches

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.

 

CVE-2025-10527, CVE-2025-10528, CVE-2025-10537

 

Thunderbird version: 140.3
Thunderbird version: 143
Firefox ESR version: 140.3
Firefox version: 143

 

 

References

 

[1] Mozilla Foundation Security Advisory 2025-78
https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/
[2] Mozilla Foundation Security Advisory 2025-77
https://www.mozilla.org/en-US/security/advisories/mfsa2025-77/
[3] Mozilla Foundation Security Advisory 2025-75
https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/
[4] Mozilla Foundation Security Advisory 2025-73
https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/