Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-8036

Опубликовано: 22 июл. 2025
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

Firefox cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox caches CORS preflight responses across IP address changes. This allows circumventing CORS with DNS rebinding.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10firefoxNot affected
Red Hat Enterprise Linux 10rhel10/firefox-flatpakNot affected
Red Hat Enterprise Linux 10rhel10/thunderbird-flatpakNot affected
Red Hat Enterprise Linux 10thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 8thunderbirdNot affected

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-350
https://bugzilla.redhat.com/show_bug.cgi?id=2382716firefox: thunderbird: DNS rebinding circumvents CORS

EPSS

Процентиль: 9%
0.00036
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

CVSS3: 8.1
ubuntu
12 дней назад

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

CVSS3: 8.1
nvd
12 дней назад

Firefox cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

CVSS3: 8.1
debian
12 дней назад

Firefox cached CORS preflight responses across IP address changes. Thi ...

CVSS3: 8.1
github
12 дней назад

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

suse-cvrf
6 дней назад

Security update for MozillaFirefox

EPSS

Процентиль: 9%
0.00036
Низкий

6.1 Medium

CVSS3