CVE-2025-4089

Опубликовано: 29 апр. 2025

Источник: redhat

CVSS3: 6.3

EPSS Низкий

Описание

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 138 and Thunderbird < 138.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	firefox	Not affected
Red Hat Enterprise Linux 10	firefox-flatpak-container	Not affected
Red Hat Enterprise Linux 10	thunderbird	Not affected
Red Hat Enterprise Linux 10	thunderbird-flatpak-container	Not affected
Red Hat Enterprise Linux 6	firefox	Out of support scope
Red Hat Enterprise Linux 6	thunderbird	Out of support scope
Red Hat Enterprise Linux 7	firefox	Not affected
Red Hat Enterprise Linux 7	thunderbird	Out of support scope
Red Hat Enterprise Linux 8	firefox	Not affected
Red Hat Enterprise Linux 8	thunderbird	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-138

https://bugzilla.redhat.com/show_bug.cgi?id=2362910firefox: thunderbird: Potential local code execution in "copy as cURL" command

EPSS

Процентиль: 6%

0.00027

Низкий

6.3 Medium

CVSS3

Связанные уязвимости

CVE-2025-4089

CVSS3: 5.1

ubuntu

3 месяца назад

CVE-2025-4089

CVSS3: 5.1

nvd

3 месяца назад

CVE-2025-4089

CVSS3: 5.1

debian

3 месяца назад

Due to insufficient escaping of special characters in the "copy as cUR ...

GHSA-f4pj-f2qw-57cr

CVSS3: 5.1

github

3 месяца назад

BDU:2025-05381

CVSS3: 5.1

fstec

3 месяца назад

Уязвимость функции Copy as cURL браузера Mozilla Firefox и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 6%

0.00027

Низкий

6.3 Medium

CVSS3