Medium severity4.3NVD Advisory· Published May 27, 2025· Updated Apr 13, 2026
CVE-2025-5263
CVE-2025-5263
Description
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.
Affected products
2cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*range: <115.24.0
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:-:*:*range: <139.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.mozilla.org/security/advisories/mfsa2025-42/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2025-43/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2025-44/nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdPermissions Required
- lists.debian.org/debian-lts-announce/2025/05/msg00043.htmlnvd
- lists.debian.org/debian-lts-announce/2025/05/msg00046.htmlnvd
- www.mozilla.org/security/advisories/mfsa2025-45/nvd
- www.mozilla.org/security/advisories/mfsa2025-46/nvd
News mentions
0No linked articles in our index yet.