CVE-2025-4089

Опубликовано: 29 апр. 2025

Источник: redhat

CVSS3: 6.3

Описание

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 138 and Thunderbird < 138.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	firefox	Out of support scope
Red Hat Enterprise Linux 6	thunderbird	Out of support scope
Red Hat Enterprise Linux 7	firefox	Not affected
Red Hat Enterprise Linux 7	thunderbird	Out of support scope
Red Hat Enterprise Linux 8	firefox	Not affected
Red Hat Enterprise Linux 8	thunderbird	Not affected
Red Hat Enterprise Linux 9	firefox	Not affected
Red Hat Enterprise Linux 9	firefox-flatpak-container	Not affected
Red Hat Enterprise Linux 9	thunderbird	Not affected
Red Hat Enterprise Linux 9	thunderbird-flatpak-container	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-138

https://bugzilla.redhat.com/show_bug.cgi?id=2362910firefox: thunderbird: Potential local code execution in "copy as cURL" command

6.3 Medium

CVSS3

Связанные уязвимости

CVE-2025-4089

CVSS3: 5.1

ubuntu

около 2 месяцев назад

CVE-2025-4089

CVSS3: 5.1

nvd

около 2 месяцев назад

CVE-2025-4089

CVSS3: 5.1

debian

около 2 месяцев назад

Due to insufficient escaping of special characters in the "copy as cUR ...

GHSA-f4pj-f2qw-57cr

CVSS3: 5.1

github

около 2 месяцев назад

BDU:2025-05381

CVSS3: 5.1

fstec

около 2 месяцев назад

Уязвимость функции Copy as cURL браузера Mozilla Firefox и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код

6.3 Medium

CVSS3