CVE-2025-10533
published 2025-09-16CVE-2025-10533: Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 143.0-1 (sid) | firefox 143.0-1 (sid) |
| debian | firefox-esr | < firefox 143.0-1 (sid) | firefox 143.0-1 (sid) |
| debian | thunderbird | < firefox 143.0-1 (sid) | firefox 143.0-1 (sid) |
| mozilla | firefox | < 115.28.0 | 115.28.0 |
| mozilla | firefox | < 143.0 | 143.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 116.0 < 140.3 | 140.3 |
| mozilla | thunderbird | < 140.3.0 | 140.3.0 |
| mozilla | thunderbird | >= 0 < 1:140.3.0esr-1~deb11u1 | 1:140.3.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:140.3.0esr-1~deb12u1 | 1:140.3.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:140.3.0esr-1~deb13u1 | 1:140.3.0esr-1~deb13u1 |
| mozilla | thunderbird | >= 0 < 1:140.3.0esr-1 | 1:140.3.0esr-1 |
| mozilla | thunderbird | >= 141.0 < 143.0 | 143.0 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv8.8HIGH