CVE-2025-8031

Sažetak

The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1971719
https://www.mozilla.org/security/advisories/mfsa2025-56/
https://www.mozilla.org/security/advisories/mfsa2025-58/
https://www.mozilla.org/security/advisories/mfsa2025-59/
https://www.mozilla.org/security/advisories/mfsa2025-61/
https://www.mozilla.org/security/advisories/mfsa2025-62/
https://www.mozilla.org/security/advisories/mfsa2025-63/
https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

13-04-2026 - 15:17

Objavljeno

22-07-2025 - 21:15