VYPR
Medium severity (6.2) · NVD Advisory · Published Sep 16, 2025 · Updated Apr 13, 2026

CVE-2025-10536

Description

Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2025-10536 is an information disclosure vulnerability in Mozilla's Networking: Cache component, fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Vulnerability Overview

CVE-2025-10536 is an information disclosure flaw in the Networking: Cache component of Mozilla products. The vulnerability was reported by Ibuki Sato and has an associated Bugzilla entry (Bug 1981502) [3][4]. The official description indicates that this issue leads to the unintended exposure of sensitive data through the browser's networking cache.

Exploitation Context

Successful exploitation of this vulnerability would allow an attacker to access potentially sensitive information stored or processed by the Networking Cache component. The attack surface is likely web-based, as the component is involved in caching HTTP responses and other network data. No specific authentication or network position requirements are detailed, but typical exploitation would require some form of user interaction or a malicious page to trigger the information disclosure [1][2].

Impact Assessment

An attacker exploiting this vulnerability could gain access to cached data that may include sensitive information such as session tokens, personal data, or other confidential content. Mozilla's security advisory rates the overall impact for this specific CVE as "low", and the product-wide impact for the advisory is rated as "high" due to the presence of other more severe vulnerabilities [1][2]. The Thunderbird advisories note that these flaws cannot be exploited through email because scripting is disabled when reading mail, but they remain potential risks in browser or browser-like contexts [2][3].

Mitigation Status

Mozilla has addressed this vulnerability in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3 [1][2][3][4]. Users are strongly advised to update their software to the latest available versions to protect against this and other security issues fixed in these releases.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
    Range: <143.0
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
    Range: <140.3.0
  • cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
    Range: <140.3.0

References

7