CVE-2025-4088

🗓️ 29 Apr 2025 13:13:43Reported by mozillaType

Security flaw in Thunderbird enables Cross-Site Request Forgery via Storage Access API on Firefox and Thunderbird.

Reporter	Title	Published	Views	Family All 211
FreeBSD	Mozilla -- Cross-Site Request Forgery	29 Apr 202500:00	–	freebsd
AlpineLinux	CVE-2025-4088	29 Apr 202514:15	–	alpinelinux
AstraLinux	Astra Linux - уязвимость в firefox	3 May 202623:59	–	astralinux
Circl	CVE-2025-4088	29 Apr 202515:50	–	circl
CNNVD	Mozilla Firefox 安全漏洞	29 Apr 202500:00	–	cnnvd
Cvelist	CVE-2025-4088 Cross-site request forgery via storage access API redirects	29 Apr 202513:13	–	cvelist
Debian CVE	CVE-2025-4088	29 Apr 202513:13	–	debiancve
EUVD	EUVD-2025-12651	3 Oct 202520:07	–	euvd
Tenable Nessus	Fedora 41 : firefox (2025-33d579ecb1)	7 May 202500:00	–	nessus
Tenable Nessus	FreeBSD : Mozilla -- Cross-Site Request Forgery (a4422500-2e85-11f0-a989-b42e991fc52e)	11 May 202500:00	–	nessus

NVD

Node

mozilla firefoxRange<138.0-

mozilla thunderbirdRange<138.0-

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "138",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "138",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  }
]

Source	Link
mozilla	www.mozilla.org/security/advisories/mfsa2025-28/
mozilla	www.mozilla.org/security/advisories/mfsa2025-31/
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi

13 Apr 2026 15:17Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.16.5

EPSS0.00116

SSVC

CWE-352