{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8038", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-07-22T10:14:06.430Z", "datePublished": "2025-07-22T20:49:26.764Z", "dateUpdated": "2026-04-13T14:27:01.276Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "140.1", "lessThanOrEqual": "140.*", "versionType": "rpm"}, {"status": "unaffected", "version": "141", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "140.1", "lessThanOrEqual": "140.*", "versionType": "rpm"}, {"status": "unaffected", "version": "141", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1."}]}], "title": "CSP frame-src was not correctly enforced for paths", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1808979"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"}], "credits": [{"lang": "en", "value": "Laurin Weger"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:27:01.276Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-345", "lang": "en", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-23T13:44:20.166233Z", "id": "CVE-2025-8038", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-04T15:52:59.700Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-8038", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-23T13:44:20.166233Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-23T13:49:21.376Z"}}], "cna": {"title": "CSP frame-src was not correctly enforced for paths", "credits": [{"lang": "en", "value": "Laurin Weger"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "140.1", "versionType": "rpm", "lessThanOrEqual": "140.*"}, {"status": "unaffected", "version": "141", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "140.1", "versionType": "rpm", "lessThanOrEqual": "140.*"}, {"status": "unaffected", "version": "141", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1808979"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"}], "descriptions": [{"lang": "en", "value": "Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.", "supportingMedia": [{"type": "text/html", "value": "Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:27:01.276Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8038", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:27:01.276Z", "dateReserved": "2025-07-22T10:14:06.430Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-07-22T20:49:26.764Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "B4D5C090-29D0-4488-843B-6CAAA287CF91", "versionEndExcluding": "140.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "8684A46E-D70A-4830-8971-A6DCC360F422", "versionEndExcluding": "141.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "matchCriteriaId": "F6B4AF14-07DC-4941-9531-9CFC6CE00567", "versionEndExcluding": "140.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "matchCriteriaId": "95D506DD-BD9B-4D90-802F-5BE673F1CF14", "versionEndExcluding": "141.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1."}, {"lang": "es", "value": "Thunderbird ignoraba las rutas al comprobar la validez de las navegaciones en un frame. Esta vulnerabilidad afecta a Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141 y Thunderbird < 140.1."}], "id": "CVE-2025-8038", "lastModified": "2026-04-13T15:17:11.023", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-22T21:15:50.960", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1808979"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "firefox: thunderbird: CSP frame-src was not correctly enforced for paths", "id": "2382705", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382705"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-345", "details": ["Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.", "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue:\nFirefox ignored paths when checking the validity of navigations in a frame."], "name": "CVE-2025-8038", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "rhel10/thunderbird-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-22T20:49:26Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-8038\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-8038\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1808979\nhttps://www.mozilla.org/security/advisories/mfsa2025-56/\nhttps://www.mozilla.org/security/advisories/mfsa2025-59/\nhttps://www.mozilla.org/security/advisories/mfsa2025-61/\nhttps://www.mozilla.org/security/advisories/mfsa2025-63/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Low"}

{"analysis": {"en": {"generated_at": "2026-04-20T16:54:14.213872+00:00", "value": {"mitigation_remediation": ["Upgrade Mozilla Firefox to version 141 or later, or to Firefox ESR 140.1 or later, to receive the fix that enforces CSP frame-src correctly.", "Upgrade Mozilla Thunderbird to version 141 or later, or Thunderbird ESR 140.1 or later, to apply the patch for the path enforcement bug in frame navigation.", "Re\u2011evaluate and tighten your CSP configuration so that the frame-src directive only lists trusted origins, and test that browsers honor these restrictions after the update."], "summary": {"action": "Immediate Patch", "impact": "Confidentiality and Integrity Compromise via CSP Bypass"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox 140 and earlier, Firefox ESR 139 and earlier, Mozilla Thunderbird 140 and earlier, and Thunderbird ESR 139 and earlier are affected. The issue is fixed in Firefox 141 and later or ESR 140.1 and later, and in Thunderbird 141 and later or ESR 140.1 and later.", "description_and_impact": "The vulnerability involves improper enforcement of the CSP frame-src directive for URL paths, resulting in the browser ignoring path restrictions when validating frame navigations. An attacker can craft URLs that bypass these restrictions, allowing malicious content or scripts to be loaded within frames. This bypass undermines the intended security boundary of content\u2011security policies and can enable phishing, credential harvesting, or other forms of data tampering, effectively compromising the confidentiality and integrity of user data.", "risk_and_exploitability": "With a CVSS score of 9.8 the vulnerability is high severity, indicating a substantial potential impact. The EPSS score of less than 1% suggests a relatively low probability of exploitation at this time, and the vulnerability is not currently listed in CISA\u2019s KEV catalog. However, the bug can be triggered by a user opening a maliciously crafted page or email that includes a frame whose source path is protected by frame\u2011src but is incorrectly validated. Thus, the likely attack vector involves a user-initiated action such as browsing or email attachment viewing, and while it does not provide direct remote code execution, it can facilitate the injection or execution of hostile content within the browser context."}}}}, "created": "2025-07-23T17:36:03.295691+00:00", "updated": "2026-04-20T17:00:12.733874+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox", "mozilla$PRODUCT$firefox_esr", "mozilla$PRODUCT$thunderbird"]}