CVE-2025-11712: Improper Encoding or Escaping of Output in Mozilla Firefox

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.0% (top 88.07%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 14; latest update Feb 2

Description

A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (3 packages)

Source | Package | Affected versions
NVD | mozilla/firefox | < 140.4.0 (+1 more)
NVD | mozilla/thunderbird | 141.0 to 144.0 (+1 more)
Debian | mozilla/thunderbird | < 1:140.4.0esr-1~deb11u1 (+3 more)

Vulnerability Details (3)

CVEList: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (2025-10-14)
GHSA: GHSA-rf6g-cf9f-g4v7: A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served... (2025-10-14)
OSV: CVE-2025-11712: A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served... (2025-10-14)

Vendor Advisories (7)

Ubuntu: Thunderbird vulnerabilities (2026-02-02)
Red Hat: thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (2025-10-14)
Debian: CVE-2025-11712: firefox - A malicious page could have used the type attribute of an OBJECT tag to override... (2025)
Mozilla: Mozilla Foundation Security Advisory 2025-81: CVE-2025-11712
Mozilla: Mozilla Foundation Security Advisory 2025-83: CVE-2025-11712
CVE-2025-11712 — Mozilla Firefox vulnerability | cvebase