Reliance on Reverse DNS Resolution for a Security-Critical Action

CVE-2025-8036

High

8.1/10

Summary

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action

The software performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address is truly associated with the hostname.

References

Advisory Timeline

Published Jul 22, 2025

Reliance on Reverse DNS Resolution for a Security-Critical Action

CVE-2025-8036

Summary

CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS