JavaScript Execution Vulnerability in Mozilla Thunderbird and Firefox
CVE-2025-8029

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 22 July 2025

What is CVE-2025-8029?

A security flaw in Mozilla Thunderbird and Firefox allows for potential execution of JavaScript from javascript: URLs embedded in object and embed tags. This could lead to unauthorized actions or unwanted behavior when users interact with affected versions. Users are advised to upgrade to the latest versions to mitigate risks associated with this vulnerability.

Affected Version(s)

Firefox < 141

Firefox ESR < 128.13

Firefox ESR < 140.1

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1928021

https://www.mozilla.org/security/advisories/mfsa2025-56/

https://www.mozilla.org/security/advisories/mfsa2025-58/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2025
Vulnerability Reserved
Jul 22, 2025

Credit

Mirko Brodesser