MFSA-RESERVE-2025-1953521
First published: Tue Apr 29 2025(Updated: )
A security vulnerability in Firefox allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <138 | 138 |
| Thunderbird | <138 | 138 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of MFSA-RESERVE-2025-1953521?
MFSA-RESERVE-2025-1953521 has been assessed with a high severity due to its potential exploitation leading to Cross-Site Request Forgery attacks.
How do I fix MFSA-RESERVE-2025-1953521?
To fix MFSA-RESERVE-2025-1953521, update your Firefox or Thunderbird browser to version 138 or later.
Which versions of Firefox are affected by MFSA-RESERVE-2025-1953521?
Firefox versions prior to 138 are affected by MFSA-RESERVE-2025-1953521.
Which versions of Thunderbird are affected by MFSA-RESERVE-2025-1953521?
Thunderbird versions prior to 138 are affected by MFSA-RESERVE-2025-1953521.
What type of attack can MFSA-RESERVE-2025-1953521 facilitate?
MFSA-RESERVE-2025-1953521 can facilitate Cross-Site Request Forgery attacks due to improper handling of requests.
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/references
- agent/source
- agent/tags
- agent/severity
- agent/description
- agent/first-publish-date
- agent/type
- agent/softwarecombine
- agent/event
- vendor/mozilla
- canonical/firefox
- canonical/thunderbird