Description
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.
Published: 2025-07-22
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: CORS bypass via DNS rebinding
Action: Apply Patch
AI Analysis

Impact

The vulnerability enables malicious sites to conduct DNS rebinding, causing the browser to cache CORS preflight responses across IP address changes. This caching allows the site to send cross‑origin requests that would normally be blocked by the browser’s CORS policy. The consequence is that the attacker can access resources or perform actions on a target origin that the origin intends to protect through CORS, potentially exposing data or functionality meant to be restricted to its own domain.

Affected Systems

Mozilla Firefox and Thunderbird, all standard and ESR releases prior to Firefox 141 (including ESR versions below 140.1) and Thunderbird prior to 141 (including ESR versions below 140.1) are affected. The fix is available in Firefox 141 and ESR 140.1 and Thunderbird 141 and ESR 140.1.

Risk and Exploitability

The CVSS score of 8.1 indicates a high severity vulnerability, but the EPSS score of less than 1% suggests a very low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to lure a user to a malicious origin capable of performing DNS rebinding; thus the risk primarily concerns phishing or compromised DNS infrastructure scenarios.

Generated by OpenCVE AI on April 20, 2026 at 22:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Firefox 141 or later, or Firefox ESR 140.1, and to Thunderbird 141 or 140.1 to apply the vendor fix.
  • If an immediate upgrade is not possible, configure the browser or runtime environment to prevent caching of CORS preflight responses when the host changes, if such a configuration option is available.
  • Strengthen DNS policies by applying DNS rebinding protection on network devices, proxies, or firewalls to reduce the ability of attackers to switch a domain’s IP address during a session.

Generated by OpenCVE AI on April 20, 2026 at 22:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-22369 Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.
Ubuntu USN Ubuntu USN USN-7991-1 Thunderbird vulnerabilities
History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Mon, 03 Nov 2025 18:30:00 +0000

Type Values Removed Values Added
References

Thu, 30 Oct 2025 16:15:00 +0000

Type Values Removed Values Added
Title firefox: thunderbird: DNS rebinding circumvents CORS DNS rebinding circumvents CORS

Tue, 09 Sep 2025 06:45:00 +0000

Type Values Removed Values Added
Description Firefox cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

Wed, 30 Jul 2025 16:30:00 +0000

Type Values Removed Values Added
Description Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. Firefox cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

Tue, 29 Jul 2025 12:30:00 +0000

Type Values Removed Values Added
Title firefox: thunderbird: DNS rebinding circumvents CORS
References
Metrics threat_severity

None

 threat_severity

Moderate

Mon, 28 Jul 2025 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*

Wed, 23 Jul 2025 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla firefox Esr
Mozilla thunderbird
Vendors & Products Mozilla
Mozilla firefox
Mozilla firefox Esr
Mozilla thunderbird

Wed, 23 Jul 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-350
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 22 Jul 2025 21:00:00 +0000

Type Values Removed Values Added
Description Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.
References

Subscriptions

Mozilla Firefox Firefox Esr Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:26:51.977Z

Reserved: 2025-07-22T10:14:02.586Z

Link: CVE-2025-8036

cve-icon Vulnrichment

Updated: 2025-11-03T17:45:30.593Z

cve-icon NVD

Status : Modified

Published: 2025-07-22T21:15:50.760

Modified: 2026-04-13T15:17:10.650

Link: CVE-2025-8036

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-07-22T20:49:25Z

Links: CVE-2025-8036 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T22:15:06Z

Weaknesses