CVE-2025-8036 DNS rebinding circumvents CORS

🗓️ 22 Jul 2025 20:49:25Reported by mozillaType

Thunderbird cached CORS responses, allowing DNS rebinding vulnerability affecting multiple versions.

Reporter	Title	Published	Views	Family All 207
FreeBSD	Mozilla -- CORS circumvention	22 Jul 202500:00	–	freebsd
ATTACKERKB	CVE-2025-8036	22 Jul 202520:49	–	attackerkb
AlpineLinux	CVE-2025-8036	22 Jul 202521:15	–	alpinelinux
AstraLinux	Astra Linux - уязвимость в firefox	20 May 202605:53	–	astralinux
BDU FSTEC	The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird lies in their dependence on the reverse DNS resolver, which allows a hacker to cause a service failure.	7 Aug 202500:00	–	bdu_fstec
Circl	CVE-2025-8036	24 Jul 202512:26	–	circl
CNNVD	Mozilla多款产品安全漏洞	22 Jul 202500:00	–	cnnvd
CVE	CVE-2025-8036	22 Jul 202520:49	–	cve
Debian CVE	CVE-2025-8036	22 Jul 202520:49	–	debiancve
EUVD	EUVD-2025-22369	3 Oct 202520:07	–	euvd

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "140.1",
        "lessThanOrEqual": "140.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "141",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "140.1",
        "lessThanOrEqual": "140.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "141",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  }
]

Source	Link
mozilla	www.mozilla.org/security/advisories/mfsa2025-59/
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi
mozilla	www.mozilla.org/security/advisories/mfsa2025-63/
mozilla	www.mozilla.org/security/advisories/mfsa2025-61/
mozilla	www.mozilla.org/security/advisories/mfsa2025-56/

13 Apr 2026 14:26Current

EPSS0.00274