Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-gx9w-3cv3-7x4r

Опубликовано: 29 апр. 2025
Источник: github
Github: Не прошло ревью
CVSS3: 5.7

Описание

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. This vulnerability affects Firefox ESR < 128.10, Firefox ESR < 115.23, and Thunderbird ESR < 128.10.

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. This vulnerability affects Firefox ESR < 128.10, Firefox ESR < 115.23, and Thunderbird ESR < 128.10.

EPSS

Процентиль: 13%
0.00045
Низкий

5.7 Medium

CVSS3

Дефекты

CWE-116

Связанные уязвимости

CVSS3: 5.7
ubuntu
3 месяца назад

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox ESR < 128.10, Firefox ESR < 115.23, and Thunderbird < 128.10.

CVSS3: 6.3
redhat
3 месяца назад

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox ESR < 128.10, Firefox ESR < 115.23, and Thunderbird < 128.10.

CVSS3: 5.7
nvd
3 месяца назад

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox ESR < 128.10, Firefox ESR < 115.23, and Thunderbird < 128.10.

CVSS3: 5.7
debian
3 месяца назад

Due to insufficient escaping of the special characters in the "copy as ...

suse-cvrf
3 месяца назад

Security update for MozillaThunderbird

EPSS

Процентиль: 13%
0.00045
Низкий

5.7 Medium

CVSS3

Дефекты

CWE-116