CVE-2025-5271

Summary

Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability was fixed in Firefox 139 and Thunderbird 139.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox139 <= *unaffected
MozillaThunderbird139 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References