CVE-2025-8032

HIGH

Firefox <141, Firefox ESR <128.13, Firefox ESR <140.1, Thunderbird ...

Title source: llm

Description

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References (8)

Scores

CVSS v3 8.1
EPSS 0.0004
EPSS Percentile 13.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Classification

CWE
CWE-693
Status published

Affected Products (4)

mozilla/firefox < 128.13.0
mozilla/firefox < 141.0
mozilla/thunderbird < 128.13.0
mozilla/thunderbird < 141.0

Timeline

Published Jul 22, 2025
Tracked Since Feb 18, 2026