Description
Spoofing issue in the Site Permissions component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
Published: 2025-09-16
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting leading to spoofing
Action: Update
AI Analysis

Impact

This flaw allows an attacker to manipulate the Site Permissions user interface in Firefox and Thunderbird, causing the browser to present falsified permission prompts. The vulnerability is classified as CWE‑79, indicating potential for cross‑site scripting, which can lead to spoofing of trusted permissions. The impact is primarily the deception of users into granting or reviewing permissions under false pretenses, compromising the integrity of the browser's permission model.

Affected Systems

Mozilla Firefox and Mozilla Thunderbird browsers are impacted. All releases prior to version 143 of each product contain the vulnerability; the flaw was addressed in the 143 update.

Risk and Exploitability

The CVSS score of 8.1 classifies the issue as high severity, yet the EPSS score of less than 1 % indicates a low current exploitation probability. The vulnerability has not been listed in the CISA KEV catalog. Likely exploitation would involve delivering a crafted website that manipulates the Site Permissions component, but the attack requires the user to visit such a malicious site or click a link containing the crafted payload. Based on the description, it can be inferred that the attack vector is web‑based with user interaction as a prerequisite.

Generated by OpenCVE AI on April 20, 2026 at 19:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest version of Firefox or Thunderbird (143 or newer).
  • Reset site permissions to the default or ‘Ask’ setting for sites that do not require explicit grants.
  • Guard against unwanted JavaScript execution by disabling or limiting pop‑ups and scripting on untrusted source pages.

Generated by OpenCVE AI on April 20, 2026 at 19:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-29554 This vulnerability affects Firefox < 143 and Thunderbird < 143.
History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Spoofing issue in the Site Permissions component. This vulnerability affects Firefox < 143 and Thunderbird < 143. Spoofing issue in the Site Permissions component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.

Thu, 30 Oct 2025 16:30:00 +0000

Type Values Removed Values Added
Description This vulnerability affects Firefox < 143 and Thunderbird < 143. Spoofing issue in the Site Permissions component. This vulnerability affects Firefox < 143 and Thunderbird < 143.
Title firefox: Spoofing issue in the Site Permissions component Spoofing issue in the Site Permissions component

Fri, 19 Sep 2025 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Thu, 18 Sep 2025 00:15:00 +0000

Type Values Removed Values Added
Title firefox: Spoofing issue in the Site Permissions component
References
Metrics threat_severity

None

 threat_severity

Low

Wed, 17 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 17 Sep 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla thunderbird
Vendors & Products Mozilla
Mozilla firefox
Mozilla thunderbird

Tue, 16 Sep 2025 15:00:00 +0000

Type Values Removed Values Added
Description This vulnerability affects Firefox < 143. This vulnerability affects Firefox < 143 and Thunderbird < 143.
References

Tue, 16 Sep 2025 12:45:00 +0000

Type Values Removed Values Added
Description This vulnerability affects Firefox < 143.
References

Subscriptions

Mozilla Firefox Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:28:21.557Z

Reserved: 2025-09-16T06:48:46.636Z

Link: CVE-2025-10534

cve-icon Vulnrichment

Updated: 2025-09-17T14:00:21.937Z

cve-icon NVD

Status : Modified

Published: 2025-09-16T13:15:48.007

Modified: 2026-04-13T15:16:37.050

Link: CVE-2025-10534

cve-icon Redhat

Severity : Low

Publid Date: 2025-09-16T12:26:38Z

Links: CVE-2025-10534 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T19:45:15Z

Weaknesses