CVE-2025-8032 | THREATINT

Description

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

PUBLISHED Reserved 2025-07-22 | Published 2025-07-22 | Updated 2026-04-13 | Assigner mozilla

Product status

128.13 (rpm)

unaffected

140.1 (rpm)

unaffected

141 (rpm)

unaffected

128.13 (rpm)

unaffected

140.1 (rpm)

unaffected

141 (rpm)

unaffected

Credits

Joe Turki

References

lists.debian.org/debian-lts-announce/2025/07/msg00016.html

bugzilla.mozilla.org/show_bug.cgi?id=1974407

www.mozilla.org/security/advisories/mfsa2025-56/

www.mozilla.org/security/advisories/mfsa2025-58/

www.mozilla.org/security/advisories/mfsa2025-59/

www.mozilla.org/security/advisories/mfsa2025-61/

www.mozilla.org/security/advisories/mfsa2025-62/

www.mozilla.org/security/advisories/mfsa2025-63/

cve.org (CVE-2025-8032)

nvd.nist.gov (CVE-2025-8032)

Download JSON

help @ threatint.eu