CVE-2025-5267UI Misrepresentation / Clickjacking in Mozilla Firefox

CWE-1021UI Misrepresentation / Clickjacking11 documents8 sources
Severity
5.4MEDIUMNVD
EPSS
0.4%
top 42.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla ThunderbirdMozilla Firefox
Timeline
PublishedMay 27
Latest updateJul 22

Description

A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

NVDmozilla/firefox< 128.11.0+1
Debianmozilla/thunderbird< 1:128.11.0esr-1~deb11u1+3

🔴Vulnerability Details

3
OSV
CVE-2025-5267: A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page2025-05-27
GHSA
GHSA-xg8q-ggjx-6hx2: A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page2025-05-27
CVEList
Clickjacking vulnerability could have led to leaking saved payment card details2025-05-27

📋Vendor Advisories

7
Ubuntu
Thunderbird vulnerabilities2025-07-22
Red Hat
firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details2025-05-27
Debian
CVE-2025-5267: firefox - A clickjacking vulnerability could have been used to trick a user into leaking s...2025
Mozilla
Mozilla Foundation Security Advisory 2025-44: CVE-2025-5267
Mozilla
Mozilla Foundation Security Advisory 2025-46: CVE-2025-5267
CVE-2025-5267 — UI Misrepresentation / Clickjacking | cvebase