CVE-2025-4083 Information

Description

A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs which could allow content to execute in the top-level document’s process instead of the intended frame potentially enabling a sandbox escape. This vulnerability affects Firefox < 138 Firefox ESR < 128.10 Firefox ESR < 115.23 Thunderbird < 138 and Thunderbird ESR < 128.10.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1958350 https://www.mozilla.org/security/advisories/mfsa2025-28/ https://www.mozilla.org/security/advisories/mfsa2025-29/ https://www.mozilla.org/security/advisories/mfsa2025-30/ https://www.mozilla.org/security/advisories/mfsa2025-31/ https://www.mozilla.org/security/advisories/mfsa2025-32/