VDB
CISA-2025-3029
CISA-2025-3029
PUBLISHED
CVSS 7.3 HIGH
Reported by mozilla · Published April 1, 2025
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.
Risk Scores
CVSS 3.1
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | unspecified |
| Mozilla | Firefox ESR | unspecified |
| Mozilla | Thunderbird | unspecified |
| Mozilla | Thunderbird | unspecified |
| Mozilla | Firefox ESR | unspecified, unspecified |
| Mozilla | Thunderbird | unspecified, *, unspecified |
| Mozilla | Firefox | unspecified, unspecified |
Timeline
- Apr 1, 2025 CVE Published
- Apr 2, 2025 CVE Updated