CNNVD-202507-2926 Information
CNNVD ID
CNNVD-202507-2926
Related CVE
- CNNVD Published: 2025-07-22
Description
Mozilla Firefox and related products are developed by the Mozilla Foundation in the United States. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is an extended support release of Firefox. Mozilla Thunderbird is an email client that was split off from the Mozilla Application Suite. Multiple Mozilla products contain a security vulnerability that stems from the username and password portion of a URL not being correctly stripped in CSP reports, which could lead to the disclosure of HTTP Basic Authentication credentials. The following products and versions are affected: Firefox before 141, Firefox ESR before 128.13 and before 140.1, and Thunderbird before 141, before 128.13 and before 140.1.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
Mozilla
Published
2025-07-22
Last Modified
2026-02-24
References
https://www.mozilla.org/security/advisories/mfsa2025-61/
https://www.mozilla.org/security/advisories/mfsa2025-62/
https://www.mozilla.org/security/advisories/mfsa2025-63/
https://www.mozilla.org/security/advisories/mfsa2025-56/
https://www.mozilla.org/security/advisories/mfsa2025-58/
https://www.mozilla.org/security/advisories/mfsa2025-59/
https://bugzilla.mozilla.org/show_bug.cgi?id=1971719
https://nvd.nist.gov/vuln/detail/CVE-2025-8031
Patch
https://www.firefox.com/zh-CN/?utm_campaign=SET_DEFAULT_BROWSER