Mozilla Thunderbird and Firefox CSP Frame Navigation Vulnerability

Vulnerability

A vulnerability exists in Mozilla Thunderbird and Firefox in how navigations in frames are validated. The applications ignored paths when enforcing Content Security Policy (CSP) directives on these navigations, specifically the 'frame-src' directive. Although scripting is disabled for email in Thunderbird, the flaw could potentially be exploited in browser-like contexts.
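The following is an added example, not Mozilla's code and not part of the original advisory. It models how a 'frame-src' source that carries a path is matched against a frame URL, shows what changes when the path is ignored, and lists the sources in a policy whose restriction depends on the path. The policy string, hostnames and function names are constructed for illustration, and only plain http(s) host sources are modelled.

```javascript
// Added example: simplified model of CSP host-source matching (not Firefox code).
// Keyword sources, wildcards, scheme upgrades and redirects are out of scope.
const POLICY = // constructed sample header value
  "default-src 'self'; frame-src https://cdn.example/widgets/ https://pay.example";

function parseSource(expr) {
  const m = /^(https?):\/\/([^/:]+)(?::(\d+))?(\/.*)?$/i.exec(expr);
  if (!m) return null; // 'self', 'none', bare schemes, wildcards: not modelled
  const scheme = m[1].toLowerCase();
  return { scheme, host: m[2].toLowerCase(),
           port: m[3] || (scheme === "https" ? "443" : "80"), path: m[4] || "" };
}

function decode(seg) {
  try { return decodeURIComponent(seg); } catch { return seg; }
}

// CSP path-part match: a trailing "/" means prefix match, otherwise exact match.
function pathMatches(srcPath, urlPath) {
  if (srcPath === "") return true; // no path in the source: any path is allowed
  const exact = !srcPath.endsWith("/");
  const a = srcPath.split("/"), b = urlPath.split("/");
  if (a.length > b.length || (exact && a.length !== b.length)) return false;
  if (!exact) a.pop();
  return a.every((seg, i) => decode(seg) === decode(b[i]));
}

// enforcePath=false models a checker that ignores the path part of each source.
function frameAllowed(sources, frameUrl, enforcePath = true) {
  const u = new URL(frameUrl);
  const scheme = u.protocol.slice(0, -1);
  const port = u.port || (scheme === "https" ? "443" : "80");
  return sources.some((expr) => {
    const s = parseSource(expr);
    return s !== null && s.scheme === scheme && s.host === u.hostname &&
      s.port === port && (!enforcePath || pathMatches(s.path, u.pathname));
  });
}

// Sources whose restriction depends on the path being enforced.
function pathDependentFrameSources(header) {
  const directives = new Map();
  for (const d of header.split(";")) {
    const [name, ...values] = d.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), values);
  }
  const list = directives.get("frame-src") || directives.get("child-src") ||
    directives.get("default-src") || [];
  return list.filter((e) => (parseSource(e) || { path: "" }).path.length > 1);
}
```

Sources returned by pathDependentFrameSources are the ones to review first when deciding how urgently clients need the fixed versions, since a host-only source is unaffected by whether the path is checked.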

Impact

Exploitation of this vulnerability could lead to improper enforcement of Content Security Policy, allowing for unauthorized navigations in frames.

Remediation

Users can update to Thunderbird 141 or Firefox 141 to address this vulnerability.

Added: Jul 22, 2025, 9:25 PM
Updated: Jul 22, 2025, 9:25 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.