CVE-2025-4083

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-4083

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4083.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-4083

Downstream

DEBIAN-CVE-2025-4083

DLA-4167-1

DLA-4172-1

DSA-5910-1

DSA-5912-1

OESA-2025-1486

OESA-2025-1487

OESA-2025-1488

OESA-2025-1489

OESA-2025-1835

RHSA-2025:4443

RHSA-2025:4458

RHSA-2025:4460

RHSA-2025:4751

RHSA-2025:4752

RHSA-2025:4753

RHSA-2025:4756

RHSA-2025:4797

RHSA-2025:7428

RHSA-2025:7506

RHSA-2025:7507

RHSA-2025:7543

RHSA-2025:7544

RHSA-2025:7545

RHSA-2025:7547

RHSA-2025:7689

RHSA-2025:7690

RHSA-2025:7691

RHSA-2025:7692

RHSA-2025:7693

RHSA-2025:7694

RHSA-2025:7695

RLSA-2025:4443

RLSA-2025:4458

RLSA-2025:4460

RLSA-2025:4797

RLSA-2025:7428

SUSE-SU-2025:1436-1

SUSE-SU-2025:1506-1

UBUNTU-CVE-2025-4083

USN-7663-1

Related

Published

2025-04-29T14:15:35Z

Modified

2025-08-09T19:01:26Z

Summary

[none]

Details

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.

References

Affected packages