CVE-2025-4083

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-4083
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4083.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-4083
Downstream
Related
Published
2025-04-29T14:15:35Z
Modified
2025-08-09T19:01:26Z
Summary
[none]
Details

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.

References

Affected packages