CVE-2025-10534Cross-site Scripting in Mozilla Firefox

CWE-79Cross-site Scripting8 documents7 sources
Severity
8.1HIGHNVD
EPSS
0.0%
top 89.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Thunderbird
Timeline
PublishedSep 16

Description

Spoofing issue in the Site Permissions component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

NVDmozilla/firefox< 143.0
NVDmozilla/thunderbird< 143.0

🔴Vulnerability Details

3
CVEList
Spoofing issue in the Site Permissions component2025-09-16
OSV
CVE-2025-10534: Spoofing issue in the Site Permissions component2025-09-16
GHSA
GHSA-pww6-475j-f225: This vulnerability affects Firefox < 143 and Thunderbird < 1432025-09-16

📋Vendor Advisories

4
Red Hat
firefox: Spoofing issue in the Site Permissions component2025-09-16
Debian
CVE-2025-10534: firefox - Spoofing issue in the Site Permissions component. This vulnerability affects Fir...2025
Mozilla
Mozilla Foundation Security Advisory 2025-73: CVE-2025-10534
Mozilla
Mozilla Foundation Security Advisory 2025-77: CVE-2025-10534
CVE-2025-10534 — Cross-site Scripting in Mozilla | cvebase