PT-2025-30478 · Mozilla+9 · Thunderbird+11

Mirko Brodesser · Published 2025-07-22 · Updated 2026-02-02 · CVE-2025-8029

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Thunderbird versions prior to 141
Thunderbird versions prior to 128.13
Firefox versions prior to 141
Firefox ESR versions prior to 128.13
Firefox ESR versions prior to 140.1

Description

Thunderbird and Firefox are affected by a flaw where javascript: URLs are executed when used within object and embed tags.

Recommendations

Update Thunderbird to version 141 or later.
Update Firefox to version 141 or later.
Update Firefox ESR to version 128.13 or later.
Update Firefox ESR to version 140.1 or later.

Fix

XSS

Code Injection

Weakness Enumeration

Related Identifiers

ALSA-2025:11747
ALSA-2025:11748
ALSA-2025:11797
ALSA-2025:12187
ALSA-2025:12188
ALSA-2025:13676
ALT-PU-2025-10124
ALT-PU-2025-10542
ALT-PU-2025-11100
ALT-PU-2025-11495
ALT-PU-2025-11497
ALT-PU-2025-14599
ALT-PU-2025-9988
BDU:2025-09457
CESA-2025_11747
CESA-2025_13676
CVE-2025-8029
DLA-4250-1
DLA-4253-1
DSA-5964-1
DSA-5966-1
INFSA-2025_11747
INFSA-2025_11748
INFSA-2025_12187
INFSA-2025_13676
MGASA-2025-0227
MGASA-2025-0228
OESA-2025-1933
OESA-2025-1934
OESA-2025-1935
OESA-2025-1936
OESA-2025-1937
OESA-2025-2099
OPENSUSE-SU-2025-20135-1
OPENSUSE-SU-2025:15371-1
OPENSUSE-SU-2025:15383-1
OPENSUSE-SU-2025:15386-1
OPENSUSE-SU-2025:15387-1
OPENSUSE-SU-2025:20135-1
RHSA-2025:11747
RHSA-2025:11748
RHSA-2025:11797
RHSA-2025:12044
RHSA-2025:12045
RHSA-2025:12046
RHSA-2025:12187
RHSA-2025:12188
RHSA-2025:12278
RHSA-2025:12302
RHSA-2025:12353
RHSA-2025:12360
RHSA-2025:12361
RHSA-2025:13645
RHSA-2025:13646
RHSA-2025:13647
RHSA-2025:13648
RHSA-2025:13649
RHSA-2025:13650
RHSA-2025:13651
RHSA-2025:13676
RHSA-2025_11747
RHSA-2025_11748
RHSA-2025_12187
RHSA-2025_13676
SUSE-SU-2025:02529-1
SUSE-SU-2025:02531-1
SUSE-SU-2025:02546-1
SUSE-SU-2025:21170-1
SUSE-SU-2025_02529-1
SUSE-SU-2025_02531-1
USN-7991-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Debian
Firefox
Firefox ESR
Linux Mint
Red Hat
Rocky Linux
SUSE
Thunderbird
Ubuntu