{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-5267", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-05-27T12:29:25.508Z", "datePublished": "2025-05-27T12:29:25.942Z", "dateUpdated": "2026-04-13T14:29:10.584Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.11", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "139", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.11", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "139", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11."}]}], "title": "Clickjacking vulnerability could have led to leaking saved payment card details", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1954137"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-44/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-46/"}], "credits": [{"lang": "en", "value": "Ameen Basha M K"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:29:10.584Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1021", "lang": "en", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-27T17:44:29.781576Z", "id": "CVE-2025-5267", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-27T17:45:24.804Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:06:07.099Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:06:07.099Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-5267", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-27T17:44:29.781576Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-27T17:45:19.252Z"}}], "cna": {"title": "Clickjacking vulnerability could have led to leaking saved payment card details", "credits": [{"lang": "en", "value": "Ameen Basha M K"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "128.11", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "139", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "128.11", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "139", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1954137"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-44/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-46/"}], "descriptions": [{"lang": "en", "value": "A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.", "supportingMedia": [{"type": "text/html", "value": "A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:29:10.584Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5267", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:29:10.584Z", "dateReserved": "2025-05-27T12:29:25.508Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-05-27T12:29:25.942Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "4BA097AB-46D1-4C4E-9856-9109237940C3", "versionEndExcluding": "128.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "E2C0FE7C-6F8E-4F1D-A768-914194586E0C", "versionEndExcluding": "139.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11."}, {"lang": "es", "value": "Una vulnerabilidad de clickjacking podr\u00eda haberse utilizado para enga\u00f1ar a un usuario y que filtrara los datos de su tarjeta de pago a una p\u00e1gina maliciosa. Esta vulnerabilidad afecta a Firefox < 139 y Firefox ESR < 128.11."}], "id": "CVE-2025-5267", "lastModified": "2026-04-13T15:17:04.397", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-05-27T13:15:22.507", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1954137"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-42/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-44/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2025-45/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2025-46/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1021"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:8341", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "firefox-0:128.11.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-06-02T00:00:00Z"}, {"advisory": "RHSA-2025:8608", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "thunderbird-0:128.11.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-06-05T00:00:00Z"}, {"advisory": "RHSA-2025:9074", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "firefox-0:128.11.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-06-16T00:00:00Z"}, {"advisory": "RHSA-2025:8308", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:128.11.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-05-29T00:00:00Z"}, {"advisory": "RHSA-2025:8756", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:128.11.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-06-10T00:00:00Z"}, {"advisory": "RHSA-2025:8631", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:128.11.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:9075", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:128.11.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-06-16T00:00:00Z"}, {"advisory": "RHSA-2025:8630", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:128.11.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:9076", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:128.11.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-06-16T00:00:00Z"}, {"advisory": "RHSA-2025:8629", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "thunderbird-0:128.11.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:9155", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "firefox-0:128.11.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-06-17T00:00:00Z"}, {"advisory": "RHSA-2025:8629", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:128.11.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:9155", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "firefox-0:128.11.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-06-17T00:00:00Z"}, {"advisory": "RHSA-2025:8629", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "thunderbird-0:128.11.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:9155", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "firefox-0:128.11.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-06-17T00:00:00Z"}, {"advisory": "RHSA-2025:8628", "cpe": "cpe:/a:redhat:rhel_tus:8.8", "package": "thunderbird-0:128.11.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8628", "cpe": "cpe:/a:redhat:rhel_e4s:8.8", "package": "thunderbird-0:128.11.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:9077", "cpe": "cpe:/a:redhat:rhel_e4s:8.8", "package": "firefox-0:128.11.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date": "2025-06-16T00:00:00Z"}, {"advisory": "RHSA-2025:8293", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.11.0-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-29T00:00:00Z"}, {"advisory": "RHSA-2025:8607", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:128.11.0-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-05T00:00:00Z"}, {"advisory": "RHSA-2025:8598", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:128.11.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-06-05T00:00:00Z"}, {"advisory": "RHSA-2025:9073", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "firefox-0:128.11.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-06-16T00:00:00Z"}, {"advisory": "RHSA-2025:8642", "cpe": "cpe:/a:redhat:rhel_e4s:9.2", "package": "thunderbird-0:128.11.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:9071", "cpe": "cpe:/a:redhat:rhel_e4s:9.2", "package": "firefox-0:128.11.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date": "2025-06-16T00:00:00Z"}, {"advisory": "RHSA-2025:8599", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "thunderbird-0:128.11.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-06-05T00:00:00Z"}, {"advisory": "RHSA-2025:9072", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "firefox-0:128.11.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-06-16T00:00:00Z"}], "bugzilla": {"description": "firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details", "id": "2368750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368750"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-1021", "details": ["A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.", "A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A clickjacking vulnerability could be used to trick a user into leaking saved payment card details to a malicious page."], "name": "CVE-2025-5267", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/thunderbird-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2025-05-27T12:29:25Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-5267\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-5267\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5267\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2025-46/#CVE-2025-5267"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Low"}

{"analysis": {"en": {"generated_at": "2026-04-20T17:05:59.376013+00:00", "value": {"mitigation_remediation": ["Upgrade Mozilla Firefox to version\u00a0139 or later, or upgrade Firefox ESR to 128.11 or later.", "Upgrade Mozilla Thunderbird to version\u00a0139 or later, or upgrade Thunderbird ESR to 128.11 or later.", "If an upgrade is not immediately possible, restrict the ability of external sites to load internal browser pages in iframes by applying stricter content\u2011security\u2011policy headers or using a browser extension that blocks such embedding."], "summary": {"action": "Apply Patch", "impact": "Confidentiality Breach via Clickjacking"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox and Thunderbird are affected. The flaw was fixed in Firefox\u00a0139 and Firefox ESR\u00a0128.11, as well as in Thunderbird\u00a0139 and Thunderbird ESR\u00a0128.11. Versions older than these are vulnerable.", "description_and_impact": "A clickjacking flaw allowed a malicious site to trick a user into revealing the contents of saved payment card data that resides in the browser or email client. The weakness enables an attacker to read confidential payment details if the user interacts with a manipulated interface, which is classified as a User Interface API Dependency Error (CWE\u20111021).", "risk_and_exploitability": "The exploit requires the user to visit or interact with a malicious page that loads the vulnerable UI in an iframe or similar technique. Because the attack depends on user interaction, it does not allow remote code execution; the impact is limited to a confidentiality breach of locked\u2011in payment information. The CVSS score of 5.4 indicates moderate severity, while the EPSS of less than 1% suggests a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Consequently, the overall risk in an enterprise setting is moderate, with the primary threat being an inadvertent disclosure of stored card details."}}}}, "created": "2026-04-20T17:15:12.548841+00:00", "updated": "2026-04-20T17:15:12.548856+00:00", "vendors": []}