PT-2025-30487 · Mozilla +2 · Firefox Esr +4

Daniil Satyaev

+1

·

Published

2025-07-22

·

Updated

2025-10-01

·

CVE-2025-8038

CVSS v2.0
10
VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 141 Thunderbird versions prior to 140.1 Firefox versions prior to 141 Firefox ESR versions prior to 140.1
Description Thunderbird and Firefox incorrectly handled path validation during frame navigations. This issue could potentially allow for malicious actions due to improper navigation checks within a frame.
Recommendations Update Thunderbird to version 141 or later. Update Thunderbird to version 140.1 or later. Update Firefox to version 141 or later. Update Firefox ESR to version 140.1 or later.

Fix

Insufficient Verification of Data Authenticity

Weakness Enumeration

Related Identifiers

ALT-PU-2025-11495
ALT-PU-2025-11497
BDU:2025-10494
CVE-2025-8038
OESA-2025-2340
OESA-2025-2341
SUSE-SU-2025:02531-1
SUSE-SU-2025:02546-1
SUSE-SU-2025_02529-1
SUSE-SU-2025_02531-1

Affected Products

Alt Linux
Firefox
Firefox Esr
Suse
Thunderbird