{"id":59825,"date":"2025-08-02T13:34:40","date_gmt":"2025-08-02T13:34:40","guid":{"rendered":""},"modified":"2025-09-03T19:04:12","modified_gmt":"2025-09-04T01:04:12","slug":"cve-2025-8036-critical-thunderbird-cors-preflight-response-caching-vulnerability","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-8036-critical-thunderbird-cors-preflight-response-caching-vulnerability\/","title":{"rendered":"CVE-2025-8036: Critical Thunderbird CORS Preflight Response Caching Vulnerability<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The Common Vulnerabilities and Exposures (CVE) system has recently identified a critical vulnerability, CVE-2025-8036, in Thunderbird that has significant implications for user security. This flaw affects Firefox and Thunderbird versions prior to 141 and Firefox ESR versions prior to 140.1. It centers on the caching of CORS preflight responses across IP address changes, thereby enabling DNS rebinding and circumvention of CORS. Given the widespread use of these products, the vulnerability has the potential<\/a> to impact a large number of users. It matters because it can potentially lead to system compromise<\/a> or data leakage, posing a serious threat to user privacy and security.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-8036
\nSeverity: Critical (8.1 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: System compromise<\/a> or data leakage due to circumvention of CORS<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n