CVE-2025-0237

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-0237

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-0237.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-0237

Downstream

DEBIAN-CVE-2025-0237

DLA-4011-1

DLA-4012-1

DSA-5839-1

DSA-5841-1

OESA-2025-1085

OESA-2025-1086

OESA-2025-1835

RHSA-2025:0080

RHSA-2025:0132

RHSA-2025:0133

RHSA-2025:0134

RHSA-2025:0135

RHSA-2025:0136

RHSA-2025:0137

RHSA-2025:0138

RHSA-2025:0144

RHSA-2025:0147

RHSA-2025:0162

RHSA-2025:0165

RHSA-2025:0166

RHSA-2025:0167

RHSA-2025:0275

RHSA-2025:0281

RHSA-2025:0284

RHSA-2025:0286

RHSA-2025:0287

SUSE-SU-2025:0056-1

SUSE-SU-2025:0059-1

SUSE-SU-2025:0080-1

UBUNTU-CVE-2025-0237

USN-7191-1

openSUSE-SU-2025:14619-1

openSUSE-SU-2025:14630-1

openSUSE-SU-2025:14648-1

openSUSE-SU-2025:14764-1

Related

Published

2025-01-07T16:15:38Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

References

Affected packages