CVE-2025-4083

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Apr 29, 2025

Updated: May 9, 2025

CWE ID 653

Summary

CVE-2025-4083 is a process isolation vulnerability discovered in Thunderbird. The issue arises due to Thunderbird's mishandling of javascript: URIs, leading to content execution in the top-level document's process rather than the intended frame. This potentially enables a sandbox escape, threatening the security of Firefox versions below 138, Firefox ESR below 128.10, Firefox ESR below 115.23, Thunderbird below 138, and Thunderbird below 128.10. The vulnerability stems from the improper handling of these URIs, creating a risk for attackers to bypass intended security restrictions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Mozilla Firefox
Mozilla Thunderbird

Affected Vendors

Mozilla

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners