FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mozilla -- Cross-Site Request Forgery

Affected packages
firefox < 138.0,2
thunderbird < 138.0

Details

VuXML ID a4422500-2e85-11f0-a989-b42e991fc52e
Discovery 2025-04-29
Entry 2025-05-11

security@mozilla.org reports:

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins.

[source]

References

CVE Name CVE-2025-4088
URL https://nvd.nist.gov/vuln/detail/CVE-2025-4088

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.