CVE-2025-4086

Опубликовано: 29 апр. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected. This vulnerability affects Firefox < 138 and Thunderbird < 138.

Ссылки

https://bugzilla.mozilla.org/show_bug.cgi?id=1945705
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2025-28/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-31/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*

Версия до 138.0 (исключая)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*

Версия до 138.0 (исключая)

EPSS

Процентиль: 13%

0.00043

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-451

Связанные уязвимости

CVE-2025-4086

CVSS3: 6.5

ubuntu

около 2 месяцев назад

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138 and Thunderbird < 138.

CVE-2025-4086

CVSS3: 5.4

redhat

около 2 месяцев назад

CVE-2025-4086

CVSS3: 6.5

debian

около 2 месяцев назад

A specially crafted filename containing a large number of encoded newl ...

GHSA-54jr-pmx4-5pvr

CVSS3: 6.5

github

около 2 месяцев назад

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 138 and Thunderbird < 138.

EPSS

Процентиль: 13%

0.00043

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-451