CVE-2025-10536: 
NixOS vulnerability analysis and mitigation

CVE-2025-10536 is an information disclosure vulnerability discovered in the Networking: Cache component affecting multiple Mozilla products. The vulnerability impacts Firefox versions prior to 143, Firefox ESR versions before 140.3, Thunderbird versions before 143, and Thunderbird ESR versions before 140.3. The issue was reported by security researcher Ibuki Sato and was publicly disclosed on September 16, 2025 (Mozilla Advisory).

The vulnerability has been classified as having a low impact severity according to Mozilla's internal assessment. The CVSS v3.1 base score assigned by CISA-ADP is 8.4 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is categorized under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

The vulnerability could lead to information disclosure through the Networking: Cache component of affected Mozilla products. While specific details about the exact nature of the information exposure are not publicly available, the high CVSS score suggests potential for significant data exposure (NVD).

Mozilla has addressed this vulnerability in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird ESR 140.3. Users are advised to update to these versions or later to mitigate the risk (Mozilla Advisory).