VDB
DEBIAN-CVE-2025-8029
DEBIAN-CVE-2025-8029
PUBLISHED
CVSS 8.100000381469727 HIGH
Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | thunderbird | 0, 0 |
| Debian:13 | firefox-esr | 0, 0 |
| Debian:13 | thunderbird | 0, 0 |
| Debian:12 | firefox-esr | 128.6.0esr-1~deb11u3, 128.6.0esr-1~deb11u2, 128.6.0esr-1~deb11u1 |
| Debian:11 | firefox-esr | 128.8.0esr-1, 128.8.0esr-1~deb11u1, 128.8.0esr-1~deb12u1 |
| Debian:12 | thunderbird | 0, 1:102.12.0-1, 1:102.12.0-1~deb10u1 |
| Debian:11 | thunderbird | *, *, * |
| Debian:14 | firefox-esr | 0, 0 |
Timeline
- Jul 22, 2025 CVE Published
- Apr 28, 2026 CVE Updated