CVE-2025-8038: firefox: thunderbird: CSP frame-src was not correctly enforced for paths

Severity: Critical

CVSS Score: 9.8

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.