FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mozilla -- javascript content execution

Affected packages
firefox < 138.0,2
firefox-esr < 128.10,1
thunderbird < 138.0

Details

VuXML ID 9c37a02e-2e85-11f0-a989-b42e991fc52e
Discovery 2025-04-29
Entry 2025-05-11

security@mozilla.org reports:

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape.

References

CVE Name CVE-2025-4083
URL https://nvd.nist.gov/vuln/detail/CVE-2025-4083