Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143.0.3.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f752879f-b809-11f0-8016-b42e991fc52e advisory.

    https://bugzilla.mozilla.org/show_bug.cgi?id=1987246 reports:
    Sandbox escape due to integer overflow in the Graphics:
              Canvas2D component.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f3550d26-ab7d-11f0-b961-b42e991fc52e advisory.

    security@mozilla.org reports:
    Sandbox excape due to integer overflow in the Graphics:
                Canvas2D component

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability affects     Firefox < 143.0.3. (CVE-2025-11152)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-cdabd887aa advisory.

    - Updated to latest upstream (143.0.3)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b18c05fecd advisory.

    - New upstream release (143.0.3)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ddecb35946 advisory.

    - New upstream release (143.0.3)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 143.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-80 advisory.

  - Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability affects     Firefox < 143.0.3. (CVE-2025-11152)

  - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 143.0.3.
    (CVE-2025-11153)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 143.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-80 advisory.

  - Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability affects     Firefox < 143.0.3. (CVE-2025-11152)

  - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 143.0.3.
    (CVE-2025-11153)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
272212	FreeBSD : Firefox -- Sandbox escape due to integer overflow (f752879f-b809-11f0-8016-b42e991fc52e)	Nessus	FreeBSD Local Security Checks	high
270742	FreeBSD : Firefox -- Sandbox escape (f3550d26-ab7d-11f0-b961-b42e991fc52e)	Nessus	FreeBSD Local Security Checks	high
269654	Linux Distros Unpatched Vulnerability : CVE-2025-11152	Nessus	Misc.	high
266593	Fedora 43 : firefox (2025-cdabd887aa)	Nessus	Fedora Local Security Checks	high
266436	Fedora 41 : firefox (2025-b18c05fecd)	Nessus	Fedora Local Security Checks	high
266380	Fedora 42 : firefox (2025-ddecb35946)	Nessus	Fedora Local Security Checks	high
266291	Mozilla Firefox < 143.0.3	Nessus	Windows	high
266290	Mozilla Firefox < 143.0.3	Nessus	MacOS X Local Security Checks	high

Detections

Analytics

CVE-2025-11152

high

Tenable Plugins

high

high

high

high

high

high

high

high