
CVE-2025-10534: Spoofing issue in the Site Permissions component in Mozilla Firefox

Severity: High
Tags: Vulnerability, CVE-2025-10534
Published: Tue Sep 16 2025 (09/16/2025, 12:26:38 UTC)
Source: CVE Database V5
Vendor/Project: Mozilla
Product: Firefox

Description

This vulnerability affects Firefox < 143 and Thunderbird < 143.

AI-Powered Analysis

Last updated: 09/24/2025, 01:11:23 UTC

Technical Analysis

CVE-2025-10534 is a high-severity spoofing vulnerability in the Site Permissions component of Mozilla Firefox, affecting Firefox versions before 143 and Thunderbird versions before 143. Site Permissions is the browser UI that records and displays the per-site grants for capabilities such as geolocation, camera, microphone and notifications, so its integrity is what a user relies on when deciding whether a prompt or a permission indicator is genuine. The analysis classifies the issue under CWE-79 (improper neutralization of input during web page generation, i.e. cross-site scripting); the Mozilla description reproduced on this page says only that it is a spoofing issue, so the exact mechanism is not disclosed here. The consequence of a spoofed permissions UI is that web content can make the permission state look different from what it is: a malicious site could appear to hold limited or no permissions, or a prompt could appear to belong to a trusted origin, which is the kind of misrepresentation that phishing and consent-harvesting attacks build on.

The analysis gives a CVSS v3.1 base score of 8.1, which corresponds to the vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N: reachable from the network, low attack complexity, no privileges required, but requiring user interaction (visiting a malicious or compromised page), with scope unchanged and high confidentiality and integrity impact but no availability impact. Note that the CVE record shown under Technical Details below lists no CVSS version, so this score is the analysis's own assessment and should be checked against Mozilla's advisory before it is used for prioritisation. No exploitation in the wild had been reported at the time of analysis. The description's "< 143" bound means that Firefox 143 and Thunderbird 143 carry the fix; since the record names no other affected range, every earlier release should be treated as vulnerable. The description does not mention the ESR branches, so their status should be confirmed from the Mozilla advisory rather than assumed either way. The bug matters because Firefox and Thunderbird are widely deployed and the Site Permissions UI is one of the few security controls a user can actually see.

Potential Impact

For organizations that standardise on Firefox or Thunderbird, including the European government, financial and data-handling sectors this feed focuses on, the practical risk is consent-based: a user who trusts a spoofed permissions display may grant a malicious site access to the camera, microphone or location, or fail to notice that such a grant already exists, and whatever leaks through that grant is sensitive by definition. The same misrepresentation supports phishing, so credential theft and follow-on malware delivery are plausible second stages. Where GDPR applies, unauthorised access to personal data obtained this way is a reportable breach with legal and financial consequences. Remote and home-office users are more exposed because the browser is their primary work surface and social-engineering lures reach them directly. No public exploit was known at the time of analysis, which leaves room for an orderly rollout, but the high score and the fact that the fix already ships in version 143 argue for prioritising the update rather than deferring it.

Mitigation Recommendations

Update Firefox and Thunderbird to version 143 or later; the CVE description's "< 143" bound means the fix shipped in 143, so there is no separate patch to wait for. For endpoints that cannot be updated immediately, the following measures reduce exposure to a spoofed permissions UI:
1) Enforce a minimum-version policy for Firefox and Thunderbird and report hosts still running builds below 143, as an inventory query or endpoint-management compliance rule rather than a user reminder.
2) Use web filtering to block known-malicious and untrusted destinations; the bug needs the user to load attacker-controlled content, so fewer reachable hostile pages means less attack surface.
3) Brief users that, on unpatched builds, a permission prompt or permission indicator can be faked, and that camera, microphone and location grants should be reviewed in the site information panel rather than taken at face value.
4) Use Firefox enterprise policies (policies.json, Group Policy or macOS configuration profiles) to block new camera, microphone and location requests on unpatched machines, and lock the setting so users cannot re-enable the prompts.
5) Monitor web proxy and DNS logs for hosts still on affected versions reaching newly registered or reputation-flagged domains, since those are the hosts on which such a visit matters.
6) Where EDR is deployed, alert on unexpected camera or microphone activation by the browser process on hosts with no business need for it.
7) Agree a rollout schedule with IT so the 143 update reaches managed endpoints quickly and exceptions are tracked to closure.
These measures combine policy enforcement, user awareness and technical controls that fit the nature of the bug: a UI misrepresentation that only matters while an affected build is in use.
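Added example implementing items 1) and 4) of the list above; it is not Mozilla's or the page's own code. The inventory lines are constructed for the example, the fixed version 143 comes from the CVE description, and the policy keys follow the Permissions policy documented for Firefox enterprise policies (policies.json). ESR version strings are flagged for manual review because the description does not say whether ESR builds are affected.

```python
"""Mitigation helpers for CVE-2025-10534 (added example, not Mozilla's code):
1. flag installed Firefox/Thunderbird builds below the fixed version 143;
2. generate a Firefox enterprise policies.json that blocks new camera,
   microphone and location prompts while older builds remain in use."""
import json
import re

# From the CVE description: affects Firefox < 143 and Thunderbird < 143.
FIXED_VERSION = 143

# Constructed inventory for this example (not real hosts):
# hostname, product, version string as reported by the application.
SAMPLE_INVENTORY = """\
ws-0412,firefox,142.0.1
ws-0413,firefox,143.0
ws-0414,thunderbird,141.0
ws-0415,firefox,140.3.0esr
ws-0416,thunderbird,143.0.1
"""

VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(esr)?$")


def parse_version(text):
    """Return (major, minor, patch, is_esr) for strings like '143.0' or '140.3.0esr'."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, esr = m.groups()
    return int(major), int(minor or 0), int(patch or 0), esr is not None


def needs_update(product, version):
    """Classify a build: 'update' if below 143, 'ok' if 143 or later,
    'review-esr' for ESR builds, whose status the description leaves open."""
    if product not in ("firefox", "thunderbird"):
        raise ValueError(f"unknown product {product!r}")
    major, _, _, is_esr = parse_version(version)
    if is_esr:
        return "review-esr"
    return "update" if major < FIXED_VERSION else "ok"


def triage_inventory(csv_text):
    """Map each host to an action from 'host,product,version' lines."""
    result = {}
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        host, product, version = (field.strip() for field in line.split(","))
        result[host] = needs_update(product.lower(), version)
    return result


def permissions_policy():
    """Firefox enterprise 'Permissions' policy: refuse new prompts for the
    high-risk capabilities and lock the setting so users cannot change it.
    Keys follow the documented policies.json schema
    (Permissions -> Camera/Microphone/Location -> BlockNewRequests/Locked)."""
    block = {"BlockNewRequests": True, "Locked": True}
    return {
        "policies": {
            "Permissions": {
                "Camera": dict(block),
                "Microphone": dict(block),
                "Location": dict(block),
            }
        }
    }


if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
    # Write this to the Firefox install's distribution/policies.json
    # (or deliver the same keys via GPO / configuration profile).
    print(json.dumps(permissions_policy(), indent=2))
```

BlockNewRequests stops new prompts from appearing; grants that sites already hold are kept in the permission manager, so review existing grants separately on hosts that stay on an affected build.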


Technical Details

Data Version: 5.1
Assigner Short Name: mozilla
Date Reserved: 2025-09-16T06:48:46.636Z
CVSS Version: null
State: PUBLISHED

Threat ID: 68c958bfff7c553b3ddd1ef3

Added to database: 9/16/2025, 12:31:59 PM

Last enriched: 9/24/2025, 1:11:23 AM

Last updated: 10/29/2025, 11:46:28 PM

Views: 26

