VYPR
Medium severity6.1NVD Advisory· Published Oct 14, 2025· Updated Apr 13, 2026

CVE-2025-11712

CVE-2025-11712

Description

A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

38

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.