Vulnerability Description
XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 128.13.0 |
| Mozilla | Thunderbird | < 128.13.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1974407Permissions Required
- https://www.mozilla.org/security/advisories/mfsa2025-56/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2025-58/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2025-59/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2025-61/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2025-62/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2025-63/Vendor Advisory
- https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html
FAQ
What is CVE-2025-8032?
CVE-2025-8032 is a vulnerability with a CVSS score of 8.1 (HIGH). XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thund...
How severe is CVE-2025-8032?
CVE-2025-8032 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-8032?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Thunderbird.