Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-8038

Опубликовано: 22 июл. 2025
Источник: redhat
CVSS3: 3.4
EPSS Низкий

Описание

Firefox ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox ignored paths when checking the validity of navigations in a frame.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10firefoxNot affected
Red Hat Enterprise Linux 10rhel10/firefox-flatpakNot affected
Red Hat Enterprise Linux 10rhel10/thunderbird-flatpakNot affected
Red Hat Enterprise Linux 10thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 8thunderbirdNot affected

Показывать по

Дополнительная информация

Статус:

Low
Дефект:
CWE-345
https://bugzilla.redhat.com/show_bug.cgi?id=2382705firefox: thunderbird: CSP frame-src was not correctly enforced for paths

EPSS

Процентиль: 6%
0.00029
Низкий

3.4 Low

CVSS3

Связанные уязвимости

CVSS3: 9.8
ubuntu
12 дней назад

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

CVSS3: 9.8
nvd
12 дней назад

Firefox ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

CVSS3: 9.8
debian
12 дней назад

Firefox ignored paths when checking the validity of navigations in a f ...

CVSS3: 9.8
github
12 дней назад

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

suse-cvrf
6 дней назад

Security update for MozillaFirefox

EPSS

Процентиль: 6%
0.00029
Низкий

3.4 Low

CVSS3