CVE-2025-11712
An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th
A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.
| Vendor | mozilla |
| Product | firefox |
| Ecosystems | |
| Industries | Technology |
| Published | Oct 14, 2025 |
| Last Updated | Apr 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for mozilla firefox
Be the first to know when new medium vulnerabilities affecting mozilla firefox are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Mozilla / Firefox
All versions affected Mozilla / Thunderbird
All versions affected References
bugzilla.mozilla.org: https://bugzilla.mozilla.org/show_bug.cgi?id=1979536 mozilla.org: https://www.mozilla.org/security/advisories/mfsa2025-81/ mozilla.org: https://www.mozilla.org/security/advisories/mfsa2025-83/ mozilla.org: https://www.mozilla.org/security/advisories/mfsa2025-84/ mozilla.org: https://www.mozilla.org/security/advisories/mfsa2025-85/ lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html
Credits
Masato Kinugawa