Mozilla · Thunderbird · CVE-2025-8037
**Name of the Vulnerable Software and Affected Versions**
Firefox versions prior to 141
Firefox ESR versions prior to 140.1
Thunderbird versions prior to 141
Thunderbird versions prior to 140.1
**Description**
Setting a nameless cookie with an equals sign in the value shadowed other cookies. This occurred even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute.
**Recommendations**
Update Firefox to version 141 or later.
Update Firefox ESR to version 140.1 or later.
Update Thunderbird to version 141 or later.
Update Thunderbird to version 140.1 or later.