CVE-2025-4088

Sažetak

A security vulnerability in Firefox allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1953521
https://www.mozilla.org/security/advisories/mfsa2025-28/
https://www.mozilla.org/security/advisories/mfsa2025-31/

CVSS

Base:	6.5
Impact:	2.5
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Zadnje važnije ažuriranje

29-04-2025 - 16:15

Objavljeno

29-04-2025 - 14:15