CVE-2025-0237

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-0237
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
CVSS

No CVSS.

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1915257 Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2025-01/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-02/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-04/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-05/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
History

03 Apr 2025, 16:29

Type Values Removed Values Added
First Time Mozilla thunderbird
Mozilla
Mozilla firefox
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1915257 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1915257 - Issue Tracking, Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2025-04/ - () https://www.mozilla.org/security/advisories/mfsa2025-04/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2025-05/ - () https://www.mozilla.org/security/advisories/mfsa2025-05/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2025-01/ - () https://www.mozilla.org/security/advisories/mfsa2025-01/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2025-02/ - () https://www.mozilla.org/security/advisories/mfsa2025-02/ - Vendor Advisory

13 Jan 2025, 22:15

Type Values Removed Values Added
Summary The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6. The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

09 Jan 2025, 09:15

Type Values Removed Values Added
Summary The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6. The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6.
References
  • () https://www.mozilla.org/security/advisories/mfsa2025-04/ -
  • () https://www.mozilla.org/security/advisories/mfsa2025-05/ -

07 Jan 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-07 16:15

Updated : 2025-04-03 16:29

NVD link : CVE-2025-0237

Mitre link : CVE-2025-0237

JSON object : View

Products Affected

mozilla

  • firefox
  • thunderbird
CWE

No CWE.