PT-2025-22991 · Mozilla+11 · Firefox+11

Jakub Szymsza

·

Published

2025-05-27

·

Updated

2025-12-03

·

CVE-2025-5266

CVSS v2.0

6.4

Medium

VectorAV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 139 Firefox ESR versions prior to 128.11
Description The issue arises from script elements loading cross-origin resources, which generate load and error events. These events leak information, enabling XS-Leaks attacks. XS-Leaks refer to a type of side-channel attack that involves exploiting the differences in behavior between same-origin and cross-origin requests to infer sensitive information.
Recommendations For Firefox versions prior to 139, update to version 139 or later to resolve the issue. For Firefox ESR versions prior to 128.11, update to version 128.11 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALSA-2025:8293
ALSA-2025:8308
ALSA-2025:8341
ALSA-2025:8607
ALSA-2025:8608
ALSA-2025:8756
ALT-PU-2025-11100
ALT-PU-2025-11495
ALT-PU-2025-11497
ALT-PU-2025-14599
ALT-PU-2025-8611
ALT-PU-2025-8725
BDU:2025-06224
CESA-2025_8308
CESA-2025_8756
CVE-2025-5266
DLA-4191-1
DLA-4194-1
DSA-5926-1
DSA-5932-1
INFSA-2025_8293
INFSA-2025_8308
INFSA-2025_8607
INFSA-2025_8756
MGASA-2025-0195
MGASA-2025-0197
OESA-2025-1633
OESA-2025-1634
OESA-2025-1635
OESA-2025-1636
OESA-2025-1835
OPENSUSE-SU-2025-20135-1
OPENSUSE-SU-2025:15170-1
OPENSUSE-SU-2025:15174-1
OPENSUSE-SU-2025:15196-1
OPENSUSE-SU-2025:15315-1
OPENSUSE-SU-2025:20135-1
RHSA-2025:8293
RHSA-2025:8308
RHSA-2025:8341
RHSA-2025:8598
RHSA-2025:8599
RHSA-2025:8607
RHSA-2025:8608
RHSA-2025:8628
RHSA-2025:8629
RHSA-2025:8630
RHSA-2025:8631
RHSA-2025:8642
RHSA-2025:8756
RHSA-2025:9071
RHSA-2025:9072
RHSA-2025:9073
RHSA-2025:9074
RHSA-2025:9075
RHSA-2025:9076
RHSA-2025:9077
RHSA-2025:9155
RHSA-2025_8293
RHSA-2025_8308
RHSA-2025_8607
RHSA-2025_8756
SUSE-SU-2025:01769-1
SUSE-SU-2025:01814-1
SUSE-SU-2025:01946-1
SUSE-SU-2025:21170-1
SUSE-SU-2025_01769-1
SUSE-SU-2025_01814-1
USN-7663-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Firefox
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu