Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-8036

Опубликовано: 22 июл. 2025
Источник: nvd
CVSS3: 8.1
EPSS Низкий

Описание

Firefox cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Версия до 140.1 (исключая)
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
Версия до 141.0 (исключая)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
Версия до 140.1 (исключая)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
Версия до 141.0 (исключая)

EPSS

Процентиль: 9%
0.00036
Низкий

8.1 High

CVSS3

Дефекты

CWE-350

Связанные уязвимости

CVSS3: 8.1
ubuntu
12 дней назад

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

CVSS3: 6.1
redhat
12 дней назад

Firefox cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

CVSS3: 8.1
debian
12 дней назад

Firefox cached CORS preflight responses across IP address changes. Thi ...

CVSS3: 8.1
github
12 дней назад

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

suse-cvrf
6 дней назад

Security update for MozillaFirefox

EPSS

Процентиль: 9%
0.00036
Низкий

8.1 High

CVSS3

Дефекты

CWE-350