Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-8031

Опубликовано: 22 июл. 2025
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10rhel10/firefox-flatpakAffected
Red Hat Enterprise Linux 10rhel10/thunderbird-flatpakAffected
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7thunderbirdOut of support scope
Red Hat Enterprise Linux 8thunderbirdAffected
Red Hat Enterprise Linux 10firefoxFixedRHSA-2025:1179728.07.2025
Red Hat Enterprise Linux 10thunderbirdFixedRHSA-2025:1218829.07.2025
Red Hat Enterprise Linux 7 Extended Lifecycle SupportfirefoxFixedRHSA-2025:1227830.07.2025
Red Hat Enterprise Linux 8firefoxFixedRHSA-2025:1174724.07.2025

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-276
https://bugzilla.redhat.com/show_bug.cgi?id=2382704firefox: thunderbird: Incorrect URL stripping in CSP reports

EPSS

Процентиль: 30%
0.00108
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

CVSS3: 9.8
ubuntu
14 дней назад

The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

CVSS3: 9.8
nvd
14 дней назад

The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

CVSS3: 9.8
debian
14 дней назад

The `username:password` part was not correctly stripped from URLs in C ...

CVSS3: 9.8
github
14 дней назад

The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

rocky
8 дней назад

Important: firefox security update

EPSS

Процентиль: 30%
0.00108
Низкий

6.1 Medium

CVSS3