cbcvebase.
CVE-2025-10529
published 2025-09-16

CVE-2025-10529: Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Affected

11 ranges
VendorProductVersion rangeFixed in
debianfirefox< firefox 143.0-1 (sid)firefox 143.0-1 (sid)
debianfirefox-esr< firefox 143.0-1 (sid)firefox 143.0-1 (sid)
debianthunderbird< firefox 143.0-1 (sid)firefox 143.0-1 (sid)
mozillafirefox< 140.3.0140.3.0
mozillafirefox< 143.0143.0
mozillafirefox
mozillathunderbird< 143.0143.0
mozillathunderbird>= 0 < 1:140.3.0esr-1~deb11u11:140.3.0esr-1~deb11u1
mozillathunderbird>= 0 < 1:140.3.0esr-1~deb12u11:140.3.0esr-1~deb12u1
mozillathunderbird>= 0 < 1:140.3.0esr-1~deb13u11:140.3.0esr-1~deb13u1
mozillathunderbird>= 0 < 1:140.3.0esr-11:140.3.0esr-1

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
osv6.5MEDIUM