Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-14331

Опубликовано: 09 дек. 2025
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Request Handling component.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10rhel10/firefox-flatpakAffected
Red Hat Enterprise Linux 10rhel10/thunderbird-flatpakAffected
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7thunderbirdOut of support scope
Red Hat Enterprise Linux 10firefoxFixedRHSA-2025:2303510.12.2025
Red Hat Enterprise Linux 10thunderbirdFixedRHSA-2026:002505.01.2026
Red Hat Enterprise Linux 10.0 Extended Update SupportthunderbirdFixedRHSA-2026:012406.01.2026
Red Hat Enterprise Linux 10.0 Extended Update SupportfirefoxFixedRHSA-2026:012706.01.2026
Red Hat Enterprise Linux 7 Extended Lifecycle SupportfirefoxFixedRHSA-2026:000705.01.2026

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2420512firefox: thunderbird: Same-origin policy bypass in the Request Handling component

EPSS

Процентиль: 11%
0.00037
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-14331

CVSS3: 6.5
ubuntu
4 месяца назад

Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

nvd логотип

CVE-2025-14331

CVSS3: 6.5
nvd
4 месяца назад

Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

debian логотип

CVE-2025-14331

CVSS3: 6.5
debian
4 месяца назад

Same-origin policy bypass in the Request Handling component. This vuln ...

github логотип

GHSA-pq76-9m6x-m6mx

CVSS3: 6.5
github
4 месяца назад

Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, and Firefox ESR < 140.6.

fstec логотип

BDU:2025-16360

CVSS3: 6.5
fstec
4 месяца назад

Уязвимость компонента Request Handling браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю обойти существующие ограничения безопасности

EPSS

Процентиль: 11%
0.00037
Низкий

6.1 Medium

CVSS3