{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T00:35:23.709","vulnerabilities":[{"cve":{"id":"CVE-2025-4088","sourceIdentifier":"security@mozilla.org","published":"2025-04-29T14:15:35.450","lastModified":"2026-04-13T15:17:00.397","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability was fixed in Firefox 138 and Thunderbird 138."},{"lang":"es","value":"Una vulnerabilidad de seguridad en Firefox permitía a sitios maliciosos usar redirecciones para enviar solicitudes con credenciales a endpoints arbitrarios en cualquier sitio que hubiera invocado la API de acceso al almacenamiento. Esto permitía posibles ataques de Cross-Site Request Forgery (SRS) en distintos orígenes. Esta vulnerabilidad afecta a Firefox (versión anterior a la 138) y Thunderbird (versión anterior a la 138)."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"138.0","matchCriteriaId":"EB8A8C7B-B65D-4DF5-BDB5-0C3C4E2DB72C"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"138.0","matchCriteriaId":"D1E8CCF1-4E91-44CC-A652-B23D1337A485"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1953521","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-28/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-31/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}}]}