{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10529", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-09-16T06:48:38.059Z", "datePublished": "2025-09-16T12:26:35.822Z", "dateUpdated": "2026-04-13T14:28:12.191Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "140.3", "lessThanOrEqual": "140.*", "versionType": "rpm"}, {"status": "unaffected", "version": "143", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "140.3", "lessThanOrEqual": "140.*", "versionType": "rpm"}, {"status": "unaffected", "version": "143", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."}]}], "title": "Same-origin policy bypass in the Layout component", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970490"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"}], "credits": [{"lang": "en", "value": "Daniel Holbert"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:28:12.191Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-942", "lang": "en", "description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-09-17T17:44:09.772488Z", "id": "CVE-2025-10529", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-17T17:44:13.559Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:08:31.807Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:08:31.807Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-10529", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-17T17:44:09.772488Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-942", "description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-17T17:43:39.766Z"}}], "cna": {"title": "Same-origin policy bypass in the Layout component", "credits": [{"lang": "en", "value": "Daniel Holbert"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "140.3", "versionType": "rpm", "lessThanOrEqual": "140.*"}, {"status": "unaffected", "version": "143", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "140.3", "versionType": "rpm", "lessThanOrEqual": "140.*"}, {"status": "unaffected", "version": "143", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970490"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"}], "descriptions": [{"lang": "en", "value": "Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.", "supportingMedia": [{"type": "text/html", "value": "Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:28:12.191Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10529", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:28:12.191Z", "dateReserved": "2025-09-16T06:48:38.059Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-09-16T12:26:35.822Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "277CA9C0-BD77-46D8-8191-F54598F7F47B", "versionEndExcluding": "140.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "6071B71C-B967-45B9-8CA4-1CB0A9E24D1A", "versionEndExcluding": "143.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B03DED4-F40B-4D9C-A29D-AD540CDF003D", "versionEndExcluding": "143.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."}], "id": "CVE-2025-10529", "lastModified": "2026-04-13T15:16:36.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-09-16T13:15:45.550", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970490"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-942"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:16109", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "firefox-0:140.3.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-09-17T00:00:00Z"}, {"advisory": "RHSA-2025:16108", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:140.3.0-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-09-17T00:00:00Z"}], "bugzilla": {"description": "firefox: thunderbird: Same-origin policy bypass in the Layout component", "id": "2395756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395756"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-10529", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/thunderbird-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-09-16T12:26:35Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-10529\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-10529\nhttps://www.mozilla.org/security/advisories/mfsa2025-75/#CVE-2025-10529\nhttps://www.mozilla.org/security/advisories/mfsa2025-78/#CVE-2025-10529"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-20T17:58:05.510468+00:00", "value": {"mitigation_remediation": ["Upgrade Firefox to version 143 or newer, or to ESR 140.3 or newer; Upgrade Thunderbird to version 143 or newer, or to ESR 140.3 or newer.", "If an update cannot be applied immediately, disable the Layout component in the affected products until the patch is installed or consider using a content security policy that blocks cross\u2011origin data access.", "Continue to monitor for suspicious web content and apply the latest security updates as soon as they become available."], "summary": {"action": "Immediate Patch", "impact": "Same-origin policy bypass"}, "threat_synthesis": {"affected_systems": "Vendors affected are Mozilla Firefox and Mozilla Thunderbird. The flaw exists in all Firefox releases prior to version 143 and Firefox ESR 140.3, and in all Thunderbird releases prior to version 143 and Thunderbird ESR 140.3. Users running earlier versions of these products on any supported platform are vulnerable.", "description_and_impact": "The vulnerability allows an attacker to bypass the browser's same-origin policy by exploiting a flaw in the Layout component. This flaw is classified as CWE-942 and permits cross-origin data access that would normally be restricted, potentially exposing sensitive information such as cookies, local storage, or other data.", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation at present. The issue is not listed in the CISA KEV catalog. Based on the description, the likely attack vector involves a malicious web page or local content that activates the vulnerable Layout component, allowing an attacker to read data from a different origin. No remote code execution or denial\u2011of\u2011service impact is described."}}}}, "created": "2025-09-17T10:04:55.145973+00:00", "updated": "2026-04-20T18:00:11.171770+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox", "mozilla$PRODUCT$firefox_esr", "mozilla$PRODUCT$thunderbird"]}