CVE-2025-5263Origin Validation Error in Mozilla Firefox

CWE-346Origin Validation ErrorCWE-829Inclusion of Functionality from Untrusted Control Sphere12 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 59.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla ThunderbirdMozilla Firefox
Timeline
PublishedMay 27
Latest updateJul 22

Description

Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDmozilla/firefox116.0128.11.0+2
Debianmozilla/thunderbird< 1:128.11.0esr-1~deb11u1+3

🔴Vulnerability Details

3
CVEList
Error handling for script execution was incorrectly isolated from web content2025-05-27
GHSA
GHSA-pjg4-cx24-6mjc: Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks2025-05-27
OSV
CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks2025-05-27

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2025-07-22
Red Hat
firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content2025-05-27
Debian
CVE-2025-5263: firefox - Error handling for script execution was incorrectly isolated from web content, w...2025
Mozilla
Mozilla Foundation Security Advisory 2025-46: CVE-2025-5263
Mozilla
Mozilla Foundation Security Advisory 2025-43: CVE-2025-5263
CVE-2025-5263 — Origin Validation Error in Mozilla | cvebase