{"id":"CVE-2025-8031","details":"The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1.","modified":"2026-04-16T04:30:58.024820450Z","published":"2025-07-22T21:15:50.257Z","related":["ALSA-2025:11747","ALSA-2025:11748","ALSA-2025:11797","ALSA-2025:12187","ALSA-2025:12188","ALSA-2025:13676","SUSE-SU-2025:02529-1","SUSE-SU-2025:02531-1","SUSE-SU-2025:02546-1","SUSE-SU-2025:21170-1","openSUSE-SU-2025:15371-1","openSUSE-SU-2025:15383-1","openSUSE-SU-2025:15386-1","openSUSE-SU-2025:15387-1","openSUSE-SU-2025:20135-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-56/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-58/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-59/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-61/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-62/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-63/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1971719"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8031.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"128.13.0"}]},{"events":[{"introduced":"0"},{"fixed":"141.0"}]},{"events":[{"introduced":"140.0"},{"fixed":"140.1.0"}]},{"events":[{"introduced":"0"},{"fixed":"128.13.0"}]},{"events":[{"introduced":"0"},{"fixed":"141.0"}]},{"events":[{"introduced":"140.0"},{"fixed":"140.1.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}