CVE-2025-3029
First published: Tue Apr 01 2025(Updated: )
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thunderbird | <137 | 137 |
| Firefox | <137 | 137 |
| Firefox ESR | <128.9 | 128.9 |
| Thunderbird | <128.9 | 128.9 |
| Firefox | <128.9.0 | |
| Firefox | <137.0 | |
| Thunderbird | <128.9.0 | |
| Thunderbird | >=129.0<137.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1952213
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-23/
- https://www.mozilla.org/security/advisories/mfsa2025-20/
- https://www.mozilla.org/security/advisories/mfsa2025-22/
- https://www.mozilla.org/security/advisories/mfsa2025-23/
- https://www.mozilla.org/security/advisories/mfsa2025-24/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-24/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-22/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/
- https://access.redhat.com/errata/RHSA-2025:3556
- https://access.redhat.com/errata/RHSA-2025:3581
- https://access.redhat.com/errata/RHSA-2025:3582
- https://access.redhat.com/errata/RHSA-2025:3587
- https://access.redhat.com/errata/RHSA-2025:3589
- https://access.redhat.com/errata/RHSA-2025:3590
- https://access.redhat.com/errata/RHSA-2025:3623
- https://access.redhat.com/errata/RHSA-2025:3620
- https://access.redhat.com/errata/RHSA-2025:3621
- https://access.redhat.com/errata/RHSA-2025:3628
- https://access.redhat.com/errata/RHSA-2025:4026
- https://access.redhat.com/errata/RHSA-2025:4027
- https://access.redhat.com/errata/RHSA-2025:4029
- https://access.redhat.com/errata/RHSA-2025:4028
- https://access.redhat.com/errata/RHSA-2025:4032
- https://access.redhat.com/errata/RHSA-2025:4031
- https://access.redhat.com/errata/RHSA-2025:4030
- https://access.redhat.com/errata/RHSA-2025:4169
- https://access.redhat.com/errata/RHSA-2025:4170
- https://bugzilla.redhat.com/show_bug.cgi?id=2356556
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2025-3029?
CVE-2025-3029 has been classified as a high severity vulnerability due to the risk of spoofing attacks.
How can I fix CVE-2025-3029?
To fix CVE-2025-3029, update your Mozilla Thunderbird or Firefox to the latest version beyond the vulnerable releases.
What versions of software are affected by CVE-2025-3029?
CVE-2025-3029 affects Thunderbird versions prior to 137, Thunderbird ESR versions prior to 128.9, Firefox versions prior to 137, and Firefox ESR versions prior to 128.9.
What type of attack does CVE-2025-3029 facilitate?
CVE-2025-3029 facilitates potential spoofing attacks by allowing crafted URLs to hide the true origin of a page.
Who is the vendor for CVE-2025-3029?
The vendor for CVE-2025-3029 is Mozilla, which produces both Thunderbird and Firefox.
- agent/type
- agent/first-publish-date
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- agent/author
- agent/weakness
- agent/source
- agent/severity
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/description
- agent/softwarecombine
- agent/event
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/references
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2025-3029
- vendor/mozilla
- canonical/thunderbird
- canonical/firefox esr
- canonical/firefox
- version/thunderbird/129.0