Description
Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.
Published: 2025-07-22
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality and Integrity Compromise via CSP Bypass
Action: Immediate Patch
AI Analysis

Impact

The vulnerability involves improper enforcement of the CSP frame-src directive for URL paths: the browser ignored the path component of a source expression when validating frame navigations. An attacker can craft URLs that bypass these path restrictions, allowing malicious content or scripts to be loaded within frames. This bypass undermines the security boundary the Content Security Policy was intended to draw and can enable phishing, credential harvesting, or other forms of data tampering, effectively compromising the confidentiality and integrity of user data.
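To make the missing check concrete, here is an added example (not Mozilla's code) of simplified CSP source-expression matching modelled on the CSP Level 3 "Does url match expression" algorithm; the `enforce_path` flag models the class of bug described above, a frame-src check that compares scheme, host and port but never the path. The policy, hostnames and URLs are constructed for illustration.

```python
"""Simplified CSP host-source matching (added example, not Mozilla's code).
enforce_path=False reproduces a frame-src check that ignores the path."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _host_matches(pattern: str, host: str) -> bool:
    # "*.example.com" matches sub.example.com but not example.com itself.
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and host != pattern[2:]
    return pattern.lower() == host.lower()

def _path_matches(expr_path: str, url_path: str) -> bool:
    # No path (or "/") in the expression: any path on that host is allowed.
    if expr_path in ("", "/"):
        return True
    # Trailing slash: prefix match (CSP compares whole path segments).
    if expr_path.endswith("/"):
        return url_path.startswith(expr_path)
    # No trailing slash: the path must match exactly.
    return url_path == expr_path

def source_matches(expr: str, url: str, *, enforce_path: bool = True,
                   redirect_count: int = 0) -> bool:
    """Expressions here are host-sources with an explicit scheme, e.g.
    'https://trusted.example/widgets/' (scheme-only/keyword sources omitted)."""
    e, u = urlsplit(expr), urlsplit(url)
    if e.scheme != u.scheme:
        return False
    if not _host_matches(e.hostname or "", u.hostname or ""):
        return False
    e_port = e.port or DEFAULT_PORTS.get(e.scheme)
    u_port = u.port or DEFAULT_PORTS.get(u.scheme)
    if e_port != u_port:
        return False
    # Per CSP3 the path is only compared on the initial request
    # (redirect_count == 0); enforce_path=False models the bug on this page.
    if enforce_path and redirect_count == 0:
        return _path_matches(e.path, u.path or "/")
    return True

def frame_allowed(frame_src: list[str], url: str, **kw) -> bool:
    """True if any source expression in the frame-src directive permits url."""
    return any(source_matches(s, url, **kw) for s in frame_src)

# Constructed policy: one directory and one exact document may be framed.
POLICY = ["https://trusted.example/widgets/", "https://cdn.example/embed.html"]
```

With the path enforced, `https://trusted.example/uploads/user-upload.html` is refused even though its origin is listed; with `enforce_path=False` it is accepted, which is exactly the gap the fix in Firefox 141 / ESR 140.1 closes.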

Affected Systems

Mozilla Firefox 140 and earlier, Firefox ESR 139 and earlier, Mozilla Thunderbird 140 and earlier, and Thunderbird ESR 139 and earlier are affected. The issue is fixed in Firefox 141 and later or ESR 140.1 and later, and in Thunderbird 141 and later or ESR 140.1 and later.

Risk and Exploitability

With a CVSS score of 9.8 the vulnerability is rated critical, indicating a substantial potential impact. The EPSS score of less than 1% suggests a relatively low probability of exploitation at this time, and the vulnerability is not currently listed in CISA's KEV catalog. However, the bug can be triggered by a user opening a maliciously crafted page or email that includes a frame whose source path is restricted by frame-src but is incorrectly validated. The likely attack vector therefore involves a user-initiated action such as browsing or viewing an email attachment; while the bug does not provide direct remote code execution, it can facilitate the injection or execution of hostile content within the browser context.

Generated by OpenCVE AI on April 20, 2026 at 16:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox to version 141 or later, or to Firefox ESR 140.1 or later, to receive the fix that enforces CSP frame-src correctly.
  • Upgrade Mozilla Thunderbird to version 141 or later, or Thunderbird ESR 140.1 or later, to apply the patch for the path enforcement bug in frame navigation.
  • Re‑evaluate and tighten your CSP configuration so that the frame-src directive only lists trusted origins, and test that browsers honor these restrictions after the update.


Advisories
Source: EUVD
ID: EUVD-2025-22364
Title: Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

Source: Ubuntu USN
ID: USN-7991-1
Title: Thunderbird vulnerabilities

History

Mon, 13 Apr 2026 15:00:00 +0000

Type: Description
Values Removed: Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.
Values Added: Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Thu, 30 Oct 2025 16:15:00 +0000

Type: Title
Values Removed: firefox: thunderbird: CSP frame-src was not correctly enforced for paths
Values Added: CSP frame-src was not correctly enforced for paths

Tue, 09 Sep 2025 06:45:00 +0000

Type: Description
Values Removed: Firefox ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.
Values Added: Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

Wed, 30 Jul 2025 16:30:00 +0000

Type: Description
Values Removed: Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.
Values Added: Firefox ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

Tue, 29 Jul 2025 12:30:00 +0000

Type: Title
Values Added: firefox: thunderbird: CSP frame-src was not correctly enforced for paths

Type: References

Type: Metrics (threat_severity)
Values Removed: None
Values Added: Low


Mon, 28 Jul 2025 14:00:00 +0000

Type: CPEs
Values Added:
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*

Wed, 23 Jul 2025 17:45:00 +0000

Type: First Time appeared
Values Added: Mozilla; Mozilla firefox; Mozilla firefox Esr; Mozilla thunderbird

Type: Vendors & Products
Values Added: Mozilla; Mozilla firefox; Mozilla firefox Esr; Mozilla thunderbird

Wed, 23 Jul 2025 14:15:00 +0000

Type: Weaknesses
Values Added: CWE-345

Type: Metrics (cvssV3_1)
Values Added: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 22 Jul 2025 21:00:00 +0000

Type: Description
Values Added: Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

Type: References

MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:27:01.276Z

Reserved: 2025-07-22T10:14:06.430Z

Link: CVE-2025-8038

Vulnrichment

Updated: 2025-07-23T13:49:21.376Z

NVD

Status : Modified

Published: 2025-07-22T21:15:50.960

Modified: 2026-04-13T15:17:11.023

Link: CVE-2025-8038

Redhat

Severity : Low

Public Date: 2025-07-22T20:49:26Z

Links: CVE-2025-8038 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T17:00:12Z

Weaknesses