vulnerability
Ubuntu: USN-7991-1 (CVE-2025-8036): Thunderbird vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:N) | Jul 22, 2025 | Jul 24, 2025 | Feb 4, 2026 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:N)
Published
Jul 22, 2025
Added
Jul 24, 2025
Modified
Feb 4, 2026
Description
Firefox cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.
Solution
ubuntu-upgrade-thunderbird
References
- CVE-2025-8036
- https://attackerkb.com/topics/CVE-2025-8036
- CWE-350
- UBUNTU-USN-7991-1
- URL-https://bugzilla.mozilla.org/show_bug.cgi?id=1960834
- URL-https://www.cve.org/CVERecord?id=CVE-2025-8036
- URL-https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8036
- URL-https://www.mozilla.org/security/advisories/mfsa2025-56/
- URL-https://www.mozilla.org/security/advisories/mfsa2025-59/
- URL-https://www.mozilla.org/security/advisories/mfsa2025-61/
- URL-https://www.mozilla.org/security/advisories/mfsa2025-63/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.