Key Vulnerability Information

Advisory Overview
- Advisory ID: Mozilla Foundation Security Advisory 2025-54
- Affected product: Thunderbird
- Fixed in: Thunderbird 140
- Published: July 8, 2025

Vulnerability Details

1. CVE-2025-6424: Use-after-free in FontFaceSet
   - Reporter: Lihua Yan and rwaldhoff (account research team)
   - Impact: high
   - Description: A use-after-free in FontFaceSet resulted in a potentially exploitable crash.

2. CVE-2025-6426: The WebCompat WebExtension shipped exposed a persistent UUID
   - Reporter: Rob Wu
   - Impact: moderate
   - Description: An attack on web-connected resources of the WebCompat extension could have obtained a persistent UUID that identified the browser and persisted across restarts and newly installed extensions.

3. CVE-2025-6426: No warning when opening executable terminal files on macOS
   - Reporter: jankar
   - Impact: moderate
   - Description: The executable-file warning did not warn users before opening files with the Terminal application.

4. CVE-2025-6427: connect-src Content Security Policy restriction could be bypassed
   - Reporter: Arantxa Villegas
   - Impact: moderate
   - Description: An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating the URL scheme.

5. CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com
   - Reporter: Alejandro Kinguera
   - Impact: moderate
   - Description: Thunderbird could have incorrectly parsed a URL and rendered it in the wrong domain context when parsing text specified in an encoding.

6. CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag
   - Reporter: Dami Batista (Positive Technologies)
   - Impact: moderate
   - Description: When a file download is specified in the Content-Disposition header, that directive is ignored if the server includes a script in an object tag.

7. CVE-2025-6432: DNS requests leaked outside of a configured SOCKS proxy
   - Reporter: Alexei
   - Impact: low
   - Description: When a secure connection was enabled, DNS requests could have bypassed the SOCKS proxy when the domain name was invalid or the SOCKS server was not responding.

8. CVE-2025-6433: WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate
   - Reporter: Simon
   - Impact: low
   - Description: If a secure connection was established with an invalid TLS certificate and prompted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to confirm.

9. CVE-2025-6435: HTTPS-Only exception screen lacked anti-clickjacking delay
   - Reporter: heffers & kangal
   - Impact: low
   - Description: The exception screen for the HTTPS-Only feature was displayed on HTTP-blocked pages without a noticeable anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP.

10. CVE-2025-6436: Save As in Devtools could download files without sanitizing the extension
   - Reporter: Artemis Eustace M.K
   - Impact: low
   - Description: If a user saved a response from the Network tab in Devtools using the Save As context menu option, the file may not have been saved with the correct file extension.

11. CVE-2025-6436: Memory safety bugs fixed in Firefox 140 and Thunderbird 140
   - Reporter: Andrew McCreight, Ondrej Brotina, Beth Reiter-Schreck, the Mozilla Fuzzing Team
   - Impact: high
   - Description: Memory safety bugs present in Firefox 140 and Thunderbird 140.

This information covers detailed descriptions of multiple security vulnerabilities, including the impact level, the reporter, and a description of each flaw.