PT-2025-30487 · Mozilla · Thunderbird +2

Laurin Weger · Published 2025-07-22 · Updated 2025-08-28 · CVE-2025-8038

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:

Thunderbird versions prior to 141

Thunderbird versions prior to 140.1

Firefox versions prior to 141

Firefox ESR versions prior to 140.1

Description:

Thunderbird and Firefox incorrectly handled path validation during frame navigations. This issue could potentially allow for malicious actions due to improper navigation checks within a frame.

Recommendations:

Update Thunderbird to version 141 or later.

Update Thunderbird to version 140.1 or later.

Update Firefox to version 141 or later.

Update Firefox ESR to version 140.1 or later.

Fix

Weakness Enumeration: Insufficient Verification of Data Authenticity

Related Identifiers

BDU:2025-10494
CVE-2025-8038
SUSE-SU-2025:02531-1
SUSE-SU-2025:02546-1

Affected Products

Firefox
Firefox ESR
Thunderbird