Mozilla · Thunderbird · CVE-2025-4088
**Name of the Vulnerable Software and Affected Versions**
Firefox versions prior to 138
Thunderbird versions prior to 138
**Description**
A security issue in Firefox and Thunderbird allows a malicious site to use redirects to send credentialed requests to arbitrary endpoints on any site that has invoked the Storage Access API, potentially enabling Cross-Site Request Forgery (CSRF) attacks across origins.
**Recommendations**
For Firefox versions prior to 138, update to version 138 or later to resolve the issue.
For Thunderbird versions prior to 138, update to version 138 or later to resolve the issue.