VYPR
Medium severity5.4NVD Advisory· Published Jan 7, 2025· Updated Apr 13, 2026

CVE-2025-0237

CVE-2025-0237

Description

The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

34

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.