CVE-2025-4088

Source
https://cve.org/CVERecord?id=CVE-2025-4088
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4088.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-4088
Published
2025-04-29T14:15:35.450Z
Modified
2026-03-23T05:07:30.346053706Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
[none]
Details

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138.

References

Affected packages

Git /

Affected ranges

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4088.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "138.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "138.0"
            }
        ]
    }
]