{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4083", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-04-29T13:13:35.922Z", "datePublished": "2025-04-29T13:13:36.578Z", "dateUpdated": "2026-04-13T14:27:17.492Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "115.23", "lessThanOrEqual": "115.*", "versionType": "rpm"}, {"status": "unaffected", "version": "128.10", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "138", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.10", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "138", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10."}]}], "title": "Process isolation bypass using \"javascript:\" URI links in cross-origin frames", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958350"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-29/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-30/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-32/"}], "credits": [{"lang": "en", "value": "Nika Layzell"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:27:17.492Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-653", "lang": "en", "description": "CWE-653 Improper Isolation or Compartmentalization"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-30T13:43:47.793246Z", "id": "CVE-2025-4083", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-07T19:42:24.539Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:58:48.900Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:58:48.900Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-4083", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-30T13:43:47.793246Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-653", "description": "CWE-653 Improper Isolation or Compartmentalization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T13:45:37.178Z"}}], "cna": {"title": "Process isolation bypass using \"javascript:\" URI links in cross-origin frames", "credits": [{"lang": "en", "value": "Nika Layzell"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "115.23", "versionType": "rpm", "lessThanOrEqual": "115.*"}, {"status": "unaffected", "version": "128.10", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "138", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "128.10", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "138", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958350"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-29/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-30/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-32/"}], "descriptions": [{"lang": "en", "value": "A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.", "supportingMedia": [{"type": "text/html", "value": "A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:27:17.492Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4083", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:27:17.492Z", "dateReserved": "2025-04-29T13:13:35.922Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-04-29T13:13:36.578Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "C120A37E-1333-4278-9527-4F370BC78EA8", "versionEndExcluding": "115.23", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "EB8A8C7B-B65D-4DF5-BDB5-0C3C4E2DB72C", "versionEndExcluding": "138.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "78457AB7-7F72-41FA-99F5-EE6D2B2AC9F9", "versionEndExcluding": "128.10", "versionStartIncluding": "128.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "matchCriteriaId": "DC19822B-CC07-4C6F-BAAD-C7A9C4E73FA9", "versionEndExcluding": "128.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "matchCriteriaId": "D1E8CCF1-4E91-44CC-A652-B23D1337A485", "versionEndExcluding": "138.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10."}, {"lang": "es", "value": "Una vulnerabilidad de aislamiento de procesos en Firefox se origin\u00f3 debido a una gesti\u00f3n inadecuada de las URI de JavaScript, lo que podr\u00eda permitir que el contenido se ejecutara en el proceso del documento de nivel superior en lugar del marco previsto, lo que podr\u00eda habilitar un escape de la zona protegida. Esta vulnerabilidad afecta a Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138 y Thunderbird ESR < 128.10."}], "id": "CVE-2025-4083", "lastModified": "2026-04-13T15:16:59.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-04-29T14:15:35.003", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958350"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-28/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-29/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-30/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-31/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-32/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-653"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:7506", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "firefox-0:128.10.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:7507", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "thunderbird-0:128.10.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:4751", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "firefox-0:128.10.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:4458", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:128.10.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-05-05T00:00:00Z"}, {"advisory": "RHSA-2025:4797", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:128.10.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-05-12T00:00:00Z"}, {"advisory": "RHSA-2025:7547", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:128.10.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7693", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:128.10.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7545", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7691", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7545", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "firefox-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7691", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7545", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "firefox-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7691", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7544", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "firefox-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7690", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "thunderbird-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7544", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "firefox-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7690", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7544", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "firefox-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7690", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "thunderbird-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7543", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "firefox-0:128.10.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7689", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "thunderbird-0:128.10.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:4443", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.10.0-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-05T00:00:00Z"}, {"advisory": "RHSA-2025:4460", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:128.10.0-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-05T00:00:00Z"}, {"advisory": "RHSA-2025:7428", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.10.0-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:4753", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "firefox-0:128.10.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:7692", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:128.10.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:4752", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "firefox-0:128.10.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:7694", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "thunderbird-0:128.10.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:4756", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "firefox-0:128.10.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:7695", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "thunderbird-0:128.10.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-05-15T00:00:00Z"}], "bugzilla": {"description": "firefox: thunderbird: Process isolation bypass using \"javascript:\" URI links in cross-origin frames", "id": "2362907", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362907"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "status": "verified"}, "cwe": "CWE-653", "details": ["A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10."], "name": "CVE-2025-4083", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-29T13:13:36Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-4083\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4083\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1958350\nhttps://www.mozilla.org/security/advisories/mfsa2025-28/\nhttps://www.mozilla.org/security/advisories/mfsa2025-29/\nhttps://www.mozilla.org/security/advisories/mfsa2025-30/\nhttps://www.mozilla.org/security/advisories/mfsa2025-31/\nhttps://www.mozilla.org/security/advisories/mfsa2025-32/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-20T17:16:11.343480+00:00", "value": {"mitigation_remediation": ["Update Firefox to at least version 138 or an equivalent ESR release (115.23 or 128.10) and update Thunderbird to version 138 or the recommended ESR release (128.10).", "If an immediate software update is not possible, block or strip \"javascript:\" scheme links in cross\u2011origin frames\u2014e.g., configure the browser or mail client to reject or sanitize such URIs before rendering.", "Stay alert for new advisories or definitions in the Mozilla security advisories and consider enabling additional sandboxing or content\u2011policy controls if available."], "summary": {"action": "Patch Immediately", "impact": "Process Isolation Bypass"}, "threat_synthesis": {"affected_systems": "This issue affects Mozilla products, specifically Firefox and Thunderbird. The bulletin specifies that the security patch was released for Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10. Earlier versions of these browsers are thus vulnerable. There is no explicit mention of other vendors in the description, although the Common Platform Enumeration list includes various Red\u00a0Hat products, the impact on them is not directly asserted.", "description_and_impact": "The flaw stems from improper handling of \"javascript:\" URIs within cross\u2011origin frames, allowing content to execute in the top\u2011level document\u2019s process instead of the intended sandboxed frame. This can lead to a sandbox escape where malicious code gains the privileges of the host process, potentially compromising both confidentiality and integrity of the system. The vulnerability is identified as CWE\u2011653 and is rated with a CVSS score of 9.1.", "risk_and_exploitability": "The EPSS score of less than 1% indicates that exploitation is considered rare, and the vulnerability is not yet listed in CISA\u2019s KEV catalog, implying no public exploits are known. The likely attack vector involves a user visiting a page or opening a message containing a cross\u2011origin frame that loads a \"javascript:\" URL; from there an attacker could coerce the host process to execute malicious code. Exact conditions for exploitation are not described beyond the use of such a URI, so the threat is generally limited to environments where arbitrary web content or email can be rendered without additional controls."}}}}, "created": "2026-04-20T17:30:12.660576+00:00", "updated": "2026-04-20T17:30:12.660586+00:00", "vendors": []}