Primary

Context

Mozilla Firefox and Thunderbird Clickjacking Vulnerability in Protocol Handler Registration

Vulnerability

Patched

A clickjacking vulnerability has been identified in Mozilla Firefox and Thunderbird. A web page could manipulate a user into unintentionally setting that site as the default handler for a custom URL protocol. This issue affects Firefox versions prior to 136, Firefox ESR versions prior to 128.8, and Thunderbird versions prior to 136 and 128.8.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in the user's default protocol handler, potentially allowing malicious websites to hijack custom URL protocols.

Remediation

Users can update to Firefox 136, Firefox ESR 128.8, or Thunderbird 136 or 128.8 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mozilla Firefox and Thunderbird Clickjacking Vulnerability in Protocol Handler Registration

Vulnerability

Impact

Remediation

Affected Products

Mozilla Firefox

Mozilla Thunderbird

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating