CVE-2025-8038

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 141 Thunderbird versions prior to 140.1 Firefox versions prior to 141 Firefox ESR versions prior to 140.1

Description Thunderbird and Firefox incorrectly handled path validation during frame navigations. This issue could potentially allow for malicious actions due to improper navigation checks within a frame.

Recommendations Update Thunderbird to version 141 or later. Update Thunderbird to version 140.1 or later. Update Firefox to version 141 or later. Update Firefox ESR to version 140.1 or later.

Fix

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345

Related Identifiers

ALT-PU-2025-10124

ALT-PU-2025-11495

ALT-PU-2025-11497

ALT-PU-2025-9988

BDU:2025-10494

CVE-2025-8038

OESA-2025-2340

OESA-2025-2341

OESA-2025-2359

OESA-2025-2360

OESA-2025-2361

OPENSUSE-SU-2025:15371-1

OPENSUSE-SU-2025:15383-1

OPENSUSE-SU-2025:15386-1

SUSE-SU-2025:02529-1

SUSE-SU-2025:02531-1

SUSE-SU-2025:02546-1

SUSE-SU-2025_02529-1

SUSE-SU-2025_02531-1

USN-7991-1

Affected Products

Alt Linux

Firefox

Firefox Esr

Linuxmint

Suse

Thunderbird

Ubuntu

CVE-2025-8038

Weakness Enumeration

Related Identifiers

Affected Products

References · 206