PT-2025-30485 · Mozilla+4 · Thunderbird+4

Viktor Bocz

·

Published

2025-07-22

·

Updated

2026-02-02

·

CVE-2025-8036

CVSS v2.0

9.4

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 141 Thunderbird versions prior to 140.1
Description Thunderbird cached Cross-Origin Resource Sharing (CORS) preflight responses across IP address changes, which allowed bypassing CORS protections with DNS rebinding. DNS rebinding is a security risk that occurs when a DNS server returns different IP addresses for the same domain name, potentially allowing an attacker to bypass security restrictions.
Recommendations Update Thunderbird to version 141 or later. Update Thunderbird to version 140.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-350

Related Identifiers

ALT-PU-2025-10124
ALT-PU-2025-11495
ALT-PU-2025-11497
ALT-PU-2025-9988
BDU:2025-09460
CVE-2025-8036
OESA-2025-2340
OESA-2025-2341
OESA-2025-2359
OESA-2025-2360
OESA-2025-2361
OPENSUSE-SU-2025:15371-1
OPENSUSE-SU-2025:15383-1
OPENSUSE-SU-2025:15386-1
SUSE-SU-2025:02529-1
SUSE-SU-2025:02531-1
SUSE-SU-2025:02546-1
SUSE-SU-2025_02529-1
SUSE-SU-2025_02531-1
USN-7991-1

Affected Products

Alt Linux
Linuxmint
Suse
Thunderbird
Ubuntu