CVE-2025-0237

5.4 MEDIUM

📋 TL;DR

This vulnerability in Mozilla's WebChannel API allows privilege escalation by accepting arbitrary principal information from untrusted sources. Attackers could exploit this to gain elevated privileges within affected applications. It affects Firefox, Firefox ESR, and Thunderbird below specific versions.

💻 Affected Systems

Products:
  • Firefox
  • Firefox ESR
  • Thunderbird
Versions: Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, Thunderbird < 128.6
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through privilege escalation leading to arbitrary code execution with elevated privileges.

🟠

Likely Case

Limited privilege escalation within the browser context, potentially accessing sensitive user data or performing unauthorized actions.

🟢

If Mitigated

No impact if patched versions are deployed or proper security controls prevent malicious code execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious website) and understanding of WebChannel API internals.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 134+, Firefox ESR 128.6+, Thunderbird 134+, Thunderbird 128.6+

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-01/

Restart Required: Yes

Instructions:

1. Open affected application.
2. Go to Help > About Firefox/Thunderbird.
3. Allow automatic update or download latest version from mozilla.org.
4. Restart application.

🔧 Temporary Workarounds

Disable JavaScript (all platforms)

Prevents exploitation by disabling JavaScript execution in browser.

about:config > javascript.enabled = false

🧯 If You Can't Patch

  • Restrict user access to untrusted websites through web filtering or proxy controls.
  • Implement application whitelisting to prevent execution of unauthorized browser instances.

🔍 How to Verify

Check if Vulnerable:

Check application version in Help > About menu and compare against affected versions.

Check Version:

firefox --version or thunderbird --version

Verify Fix Applied:

Confirm version is Firefox 134+, Firefox ESR 128.6+, Thunderbird 134+, or Thunderbird 128.6+.
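The version comparison above can be scripted for fleet checks. The following is an added example, not part of the vendor advisory: the function name classify_version is hypothetical, the sample strings are constructed, and the "Mozilla <Product> <version>" output format of --version is an assumption. It compares version components numerically, so an ESR build such as 128.10 is not misread as older than 128.6.

```sh
#!/bin/sh
# Added example: classify a Firefox/Thunderbird version string against the
# fixed versions listed on this page (134+, or 128.6+ on the 128 ESR branch).
# Prints one of: patched | vulnerable | unknown. Always returns 0.
classify_version() {
    # Extract the first dotted number, e.g. "128.10.0" from "... 128.10.0esr".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p')
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi

    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then
        minor=0                 # no minor component present, e.g. "134"
    else
        minor=${rest%%.*}
    fi

    # Integer comparisons: a string comparison would rank 128.10 below 128.6.
    if [ "$major" -ge 134 ]; then
        echo patched
    elif [ "$major" -eq 128 ] && [ "$minor" -ge 6 ]; then
        echo patched
    else
        echo vulnerable
    fi
    return 0
}

# Constructed sample inputs (assumed output format). On a real host, pass
# "$(firefox --version)" or "$(thunderbird --version)" instead.
while IFS= read -r line; do
    printf '%-34s %s\n' "$line" "$(classify_version "$line")"
done <<'EOF'
Mozilla Firefox 133.0.3
Mozilla Firefox 134.0
Mozilla Firefox 128.5.0esr
Mozilla Firefox 128.10.0esr
Mozilla Thunderbird 128.6.0esr
EOF
```

An "unknown" result means no version number could be parsed and the host should be checked manually.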

📡 Detection & Monitoring

Log Indicators:

  • Unusual WebChannel API usage patterns
  • Privilege escalation attempts in browser logs

Network Indicators:

  • Suspicious WebChannel traffic to untrusted domains

SIEM Query:

source="browser_logs" AND (event="privilege_escalation" OR event="webchannel_exploit")
