CVE-2025-8032: 
NixOS vulnerability analysis and mitigation

CVE-2025-8032 is a security vulnerability discovered in Mozilla Firefox and Thunderbird browsers where XSLT document loading did not correctly propagate the source document, which resulted in bypassing its Content Security Policy (CSP). The vulnerability was disclosed on July 22, 2025, affecting Firefox versions before 141, Firefox ESR versions before 128.13 and 140.1, and Thunderbird versions before 141, 128.13, and 140.1 (Mozilla Advisory).

The vulnerability is classified as a Protection Mechanism Failure (CWE-693) with a CVSS v3.1 base score of 8.1 HIGH (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). The technical issue stems from incorrect propagation of source documents during XSLT document loading, which allows bypass of Content Security Policy protections (NVD).

The vulnerability has a high severity rating due to its potential impact on security controls. When exploited, it allows attackers to bypass Content Security Policy restrictions, which could lead to high impacts on both confidentiality and integrity of the affected systems, though availability is not impacted (CISA-ADP).

Mozilla has released security updates to address this vulnerability. Users should upgrade to Firefox 141, Firefox ESR 128.13/140.1, or Thunderbird 141/128.13/140.1 or later versions. The fix has been deployed across multiple release channels to ensure comprehensive coverage (Mozilla Advisory).