Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-4088

Опубликовано: 29 апр. 2025
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.5

Описание

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138.

РелизСтатусПримечание
devel

not-affected

code not present
esm-infra/focal

DNE

focal

ignored

end of standard support, was needed
jammy

not-affected

code not present
noble

not-affected

code not present
oracular

not-affected

code not present
plucky

not-affected

code not present
upstream

released

138

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/noble

ignored

esm-infra/focal

DNE

focal

DNE

jammy

ignored

noble

ignored

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

ignored

esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

ignored

oracular

ignored

plucky

ignored

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

needs-triage

esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/focal

needs-triage

esm-infra/bionic

ignored

focal

ignored

jammy

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

focal

ignored

jammy

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/jammy

needs-triage

esm-infra/focal

DNE

focal

DNE

jammy

ignored

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

not-affected

code not present
esm-infra/focal

DNE

focal

ignored

end of standard support, was needed
jammy

needed

noble

not-affected

code not present
oracular

not-affected

code not present
plucky

not-affected

code not present
upstream

released

138

Показывать по

Ссылки на источники

EPSS

Процентиль: 4%
0.00021
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2025-4088

CVSS3: 5.4
redhat
около 2 месяцев назад

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138.

nvd логотип

CVE-2025-4088

CVSS3: 6.5
nvd
около 2 месяцев назад

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138.

debian логотип

CVE-2025-4088

CVSS3: 6.5
debian
около 2 месяцев назад

A security vulnerability in Thunderbird allowed malicious sites to use ...

github логотип

GHSA-vvxh-6r52-hj35

CVSS3: 6.5
github
около 2 месяцев назад

A security vulnerability in Firefox allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138.

fstec логотип

BDU:2025-05382

CVSS3: 6.5
fstec
около 2 месяцев назад

Уязвимость интерфейса Storage Access API браузера Mozilla Firefox и почтового клиента Thunderbird, позволяющая нарушителю осуществить CSRF-атаку

EPSS

Процентиль: 4%
0.00021
Низкий

6.5 Medium

CVSS3

Уязвимость CVE-2025-4088