JavaScript Execution Vulnerability in Mozilla Thunderbird and Firefox
CVE-2025-8029

8.1HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 22 July 2025

What is CVE-2025-8029?

A security flaw in Mozilla Thunderbird and Firefox allows for potential execution of JavaScript from javascript: URLs embedded in object and embed tags. This could lead to unauthorized actions or unwanted behavior when users interact with affected versions. Users are advised to upgrade to the latest versions to mitigate risks associated with this vulnerability.

Affected Version(s)

Firefox < 141

Firefox ESR < 128.13

Firefox ESR < 140.1

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1928021

https://www.mozilla.org/security/advisories/mfsa2025-56/

https://www.mozilla.org/security/advisories/mfsa2025-58/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2025
Vulnerability Reserved
Jul 22, 2025

Credit

Mirko Brodesser