Home > Vulnerability Database > CVE-2025-0237

Mend.io Vulnerability Database

CVE-2025-0237

Date: January 7, 2025

The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

Severity Score

5.4

Related Resources (7)

Url: https://www.mozilla.org/security/advisories/mfsa2025-04/

Url: https://www.mozilla.org/security/advisories/mfsa2025-05/

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-0237

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1915257

Url: https://www.mozilla.org/security/advisories/mfsa2025-02/

Url: https://www.mozilla.org/security/advisories/mfsa2025-01/

Url: https://www.mend.io/vulnerability-database/CVE-2025-0237

Severity Score

5.4

Weakness Type (CWE)

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-0237

Date: January 7, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?