CVE-2025-4083

CRITICAL Year: 2025
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-653
View all →

Vulnerability Description

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.

Related Vulnerabilities

CVE-2024-20285

HIGH
CVSS:8.8(High)

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlyi...

CWE-6532024

CVE-2024-33768

CRITICAL
CVSS:9.8(Critical)

lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over.

CWE-6532024

CVE-2025-1974

CRITICAL
CVSS:9.8(Critical)

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingr...

CWE-6532025

CVE-2023-1305

HIGH
CVSS:8.1(High)

An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed a...

CWE-6532023

CVE-2024-0135

HIGH
CVSS:7.6(High)

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability ...

CWE-6532024

CVE-2024-0136

HIGH
CVSS:7.6(High)

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulne...

CWE-6532024