CVE-2025-5267

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-5267

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-5267.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-5267

Downstream

DEBIAN-CVE-2025-5267

DLA-4191-1

DLA-4194-1

DSA-5926-1

DSA-5932-1

OESA-2025-1633

OESA-2025-1634

OESA-2025-1635

OESA-2025-1636

OESA-2025-1835

RHSA-2025:8293

RHSA-2025:8308

RHSA-2025:8341

RHSA-2025:8598

RHSA-2025:8599

RHSA-2025:8607

RHSA-2025:8608

RHSA-2025:8628

RHSA-2025:8629

RHSA-2025:8630

RHSA-2025:8631

RHSA-2025:8642

RHSA-2025:8756

RHSA-2025:9071

RHSA-2025:9072

RHSA-2025:9073

RHSA-2025:9074

RHSA-2025:9075

RHSA-2025:9076

RHSA-2025:9077

RHSA-2025:9155

RLSA-2025:8293

RLSA-2025:8308

RLSA-2025:8341

RLSA-2025:8607

RLSA-2025:8608

RLSA-2025:8756

SUSE-SU-2025:01814-1

UBUNTU-CVE-2025-5267

USN-7663-1

Related

Withdrawn

2026-01-27T04:20:13.669337Z

Published

2025-05-27T13:15:22Z

Modified

2026-01-27T04:20:13.669337Z

Summary

[none]

Details

A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.

References

Affected packages