Vulnerability details: VCID-qdcz-15x5-6qfp
Vulnerability ID: VCID-qdcz-15x5-6qfp
Aliases: CVE-2025-4083
Summary: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape.
Status: Published
Exploitability: 0.5
Weighted Severity: 8.2
Risk: 4.1
System Score Found at
cvssv3 8.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4083.json
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2025-4083
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2025-4083
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2025-4083
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2025-4083
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2025-4083
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2025-4083
cvssv3.1 9.1 https://bugzilla.mozilla.org/show_bug.cgi?id=1958350
ssvc Track https://bugzilla.mozilla.org/show_bug.cgi?id=1958350
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-28
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-29
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-30
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-31
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-32
cvssv3.1 9.1 https://www.mozilla.org/security/advisories/mfsa2025-28/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-28/
cvssv3.1 9.1 https://www.mozilla.org/security/advisories/mfsa2025-29/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-29/
cvssv3.1 9.1 https://www.mozilla.org/security/advisories/mfsa2025-30/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-30/
cvssv3.1 9.1 https://www.mozilla.org/security/advisories/mfsa2025-31/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-31/
cvssv3.1 9.1 https://www.mozilla.org/security/advisories/mfsa2025-32/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-32/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4083.json
https://api.first.org/data/v1/epss?cve=CVE-2025-4083
https://bugzilla.mozilla.org/show_bug.cgi?id=1958350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4083
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2362907 https://bugzilla.redhat.com/show_bug.cgi?id=2362907
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
CVE-2025-4083 https://nvd.nist.gov/vuln/detail/CVE-2025-4083
mfsa2025-28 https://www.mozilla.org/en-US/security/advisories/mfsa2025-28
mfsa2025-28 https://www.mozilla.org/security/advisories/mfsa2025-28/
mfsa2025-29 https://www.mozilla.org/en-US/security/advisories/mfsa2025-29
mfsa2025-29 https://www.mozilla.org/security/advisories/mfsa2025-29/
mfsa2025-30 https://www.mozilla.org/en-US/security/advisories/mfsa2025-30
mfsa2025-30 https://www.mozilla.org/security/advisories/mfsa2025-30/
mfsa2025-31 https://www.mozilla.org/en-US/security/advisories/mfsa2025-31
mfsa2025-31 https://www.mozilla.org/security/advisories/mfsa2025-31/
mfsa2025-32 https://www.mozilla.org/en-US/security/advisories/mfsa2025-32
mfsa2025-32 https://www.mozilla.org/security/advisories/mfsa2025-32/
RHSA-2025:4443 https://access.redhat.com/errata/RHSA-2025:4443
RHSA-2025:4458 https://access.redhat.com/errata/RHSA-2025:4458
RHSA-2025:4460 https://access.redhat.com/errata/RHSA-2025:4460
RHSA-2025:4751 https://access.redhat.com/errata/RHSA-2025:4751
RHSA-2025:4752 https://access.redhat.com/errata/RHSA-2025:4752
RHSA-2025:4753 https://access.redhat.com/errata/RHSA-2025:4753
RHSA-2025:4756 https://access.redhat.com/errata/RHSA-2025:4756
RHSA-2025:4797 https://access.redhat.com/errata/RHSA-2025:4797
RHSA-2025:7428 https://access.redhat.com/errata/RHSA-2025:7428
RHSA-2025:7506 https://access.redhat.com/errata/RHSA-2025:7506
RHSA-2025:7507 https://access.redhat.com/errata/RHSA-2025:7507
RHSA-2025:7543 https://access.redhat.com/errata/RHSA-2025:7543
RHSA-2025:7544 https://access.redhat.com/errata/RHSA-2025:7544
RHSA-2025:7545 https://access.redhat.com/errata/RHSA-2025:7545
RHSA-2025:7547 https://access.redhat.com/errata/RHSA-2025:7547
RHSA-2025:7689 https://access.redhat.com/errata/RHSA-2025:7689
RHSA-2025:7690 https://access.redhat.com/errata/RHSA-2025:7690
RHSA-2025:7691 https://access.redhat.com/errata/RHSA-2025:7691
RHSA-2025:7692 https://access.redhat.com/errata/RHSA-2025:7692
RHSA-2025:7693 https://access.redhat.com/errata/RHSA-2025:7693
RHSA-2025:7694 https://access.redhat.com/errata/RHSA-2025:7694
RHSA-2025:7695 https://access.redhat.com/errata/RHSA-2025:7695
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4083.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1958350
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1958350
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-28/
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-28/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-29/
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-29/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-30/
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-30/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-31/
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-31/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-32/
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-32/
Exploit Prediction Scoring System (EPSS)
Percentile: 0.0497
EPSS Score: 0.00024
Published At: April 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-04-29T17:31:57.646922+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2025/mfsa2025-28.yml 36.0.0