7.3

CVE-2025-3029

URL Bar Spoofing via non-BMP Unicode characters

A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox SwEditionesr Version < 128.9.0
MozillaFirefox SwEdition- Version < 137.0
MozillaThunderbird Version < 128.9.0
MozillaThunderbird Version >= 129.0 < 137.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.33% 0.244
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.3 3.9 3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://www.mozilla.org/security/advisories/mfsa2025-20/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-22/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-23/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-24/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1952213
Issue Tracking
Permissions Required
https://lists.debian.org/debian-lts-announce/2025/04/msg00005.html