{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T19:04:21.114","vulnerabilities":[{"cve":{"id":"CVE-2025-4083","sourceIdentifier":"security@mozilla.org","published":"2025-04-29T14:15:35.003","lastModified":"2026-04-13T15:16:59.477","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10."},{"lang":"es","value":"Una vulnerabilidad de aislamiento de procesos en Firefox se originó debido a una gestión inadecuada de las URI de JavaScript, lo que podría permitir que el contenido se ejecutara en el proceso del documento de nivel superior en lugar del marco previsto, lo que podría habilitar un escape de la zona protegida. Esta vulnerabilidad afecta a Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138 y Thunderbird ESR < 128.10."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-653"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"115.23","matchCriteriaId":"C120A37E-1333-4278-9527-4F370BC78EA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"138.0","matchCriteriaId":"EB8A8C7B-B65D-4DF5-BDB5-0C3C4E2DB72C"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionStartIncluding":"128.0","versionEndExcluding":"128.10","matchCriteriaId":"78457AB7-7F72-41FA-99F5-EE6D2B2AC9F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"128.10.0","matchCriteriaId":"DC19822B-CC07-4C6F-BAAD-C7A9C4E73FA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"138.0","matchCriteriaId":"D1E8CCF1-4E91-44CC-A652-B23D1337A485"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1958350","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-28/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-29/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-30/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-31/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-32/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}