PT-2025-30486 · Mozilla+4 · Thunderbird+6

Uku Sõrmus · Published 2025-07-22 · Updated 2026-02-02

CVE-2025-8037

CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 141
Firefox ESR versions prior to 140.1
Thunderbird versions prior to 141
Thunderbird versions prior to 140.1

Description

Setting a nameless cookie with an equals sign in the value shadowed other cookies. This occurred even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute.

Recommendations

Update Firefox to version 141 or later.
Update Firefox ESR to version 140.1 or later.
Update Thunderbird to version 141 or later.
Update Thunderbird to version 140.1 or later.

Fix

Weakness Enumeration

Related Identifiers

ALT-PU-2025-10124
ALT-PU-2025-10542
ALT-PU-2025-11495
ALT-PU-2025-11497
ALT-PU-2025-9988
BDU:2025-10491
CVE-2025-8037
OESA-2025-2340
OESA-2025-2341
OESA-2025-2359
OESA-2025-2360
OESA-2025-2361
OPENSUSE-SU-2025:15371-1
OPENSUSE-SU-2025:15383-1
OPENSUSE-SU-2025:15386-1
SUSE-SU-2025:02529-1
SUSE-SU-2025:02531-1
SUSE-SU-2025:02546-1
SUSE-SU-2025_02529-1
SUSE-SU-2025_02531-1
USN-7991-1

Affected Products

Alt Linux
Firefox
Firefox ESR
Linux Mint
SUSE
Thunderbird
Ubuntu