CVE-2025-8036 — Reliance on Reverse DNS Resolution for a Security-Critical Action in Mozilla Firefox

CWE-350 — Reliance on Reverse DNS Resolution for a Security-Critical Action11 documents8 sources

Severity

8.1HIGHNVD

EPSS

0.1%

top 79.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedJul 22

Latest updateFeb 2

Description

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

▶NVDmozilla/thunderbird< 140.1.0+1

▶Ubuntumozilla/thunderbird< 1:140.7.1+build1-0ubuntu0.22.04.1

▶NVDmozilla/firefox< 140.1.0+1

🔴Vulnerability Details

OSV

CVE-2025-8036: Thunderbird cached CORS preflight responses across IP address changes↗2025-07-22

▶

GHSA

GHSA-5g22-6w6r-pr2m: Thunderbird cached CORS preflight responses across IP address changes↗2025-07-22

▶

CVEList

DNS rebinding circumvents CORS↗2025-07-22

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2026-02-02

▶

Red Hat

firefox: thunderbird: DNS rebinding circumvents CORS↗2025-07-22

▶

Debian

CVE-2025-8036: firefox - Thunderbird cached CORS preflight responses across IP address changes. This allo...↗2025

▶

Mozilla

Mozilla Foundation Security Advisory 2025-63: CVE-2025-8036↗

▶

Mozilla

Mozilla Foundation Security Advisory 2025-56: CVE-2025-8036↗

▶