AI description
CVE-2025-5263 is a security vulnerability found in Mozilla Firefox, as well as Thunderbird. The vulnerability stems from error handling for script execution not being properly isolated from web content. This improper isolation could allow cross-origin leak attacks, potentially exposing sensitive information across different origins. The vulnerability affects Firefox versions prior to 139, Firefox ESR versions prior to 115.24 and 128.11, Thunderbird versions prior to 139, and Thunderbird versions prior to 128.11. To mitigate this vulnerability, users are advised to update to Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, or Thunderbird 128.11 or later.
- Description
- Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
- Source
- security@mozilla.org
- NVD status
- Modified
- Products
- firefox
CVSS 3.1
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-346
- Hype score
- Not currently trending
Top 5 Trending CVEs: 1 - CVE-2025-5263 2 - CVE-2024-52597 3 - CVE-2025-5777 4 - CVE-2025-6543 5 - CVE-2025-33108 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
30 Jun 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google CTF is over! One of the challenges was about CVE-2025-5263 I recently discovered in Firefox (and Chrome). See the writeup at https://t.co/8PcUBIVNld
@terjanq
29 Jun 2025
14485 Impressions
49 Retweets
296 Likes
160 Bookmarks
1 Reply
0 Quotes
CVE-2025-5263 Cross-Origin Information Leak Vulnerability in Firefox Browsers Before 139 https://t.co/sLrBMwpkDW
@VulmonFeeds
27 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-5263 Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < … https://t.co/hvXDfBIPA1
@CVEnew
27 May 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"vulnerable": true,
"matchCriteriaId": "062A22E3-C6FE-4948-98F5-217EFE0638FC",
"versionEndExcluding": "115.24.0"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:-:*:*",
"vulnerable": true,
"matchCriteriaId": "15C1A9DA-6058-461E-ADDC-2BF45F8BC2B0",
"versionEndExcluding": "139.0"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA9173F0-1559-4152-9B7F-30ABCF70BE80",
"versionEndExcluding": "128.11.0",
"versionStartIncluding": "116.0"
}
],
"operator": "OR"
}
]
}
]