VDB
DEBIAN-CVE-2025-4083
PUBLISHED
CVSS 9.1 CRITICAL
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.
Risk Scores
CVSS v3.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | firefox-esr | 115.9.0, 115.9.1, 115.9.1 |
| Debian:14 | thunderbird | 0, 0 |
| Debian:14 | firefox-esr | 0, 0 |
| Debian:13 | firefox-esr | 0, 0 |
| Debian:13 | thunderbird | 0, 0 |
| Debian:12 | firefox-esr | 0, *, 128.9.0esr-2 |
| Debian:11 | thunderbird | 91.2.1-1, 1:102.0.1-1, 1:102.0.2-1 |
| Debian:12 | thunderbird | *, *, * |
Timeline
- Apr 29, 2025 CVE Published
- Apr 28, 2026 CVE Updated