Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-8030

Опубликовано: 22 июл. 2025
Источник: redhat
CVSS3: 6.1

Описание

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10rhel10/firefox-flatpakAffected
Red Hat Enterprise Linux 10rhel10/thunderbird-flatpakAffected
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7thunderbirdOut of support scope
Red Hat Enterprise Linux 10firefoxFixedRHSA-2025:1179728.07.2025
Red Hat Enterprise Linux 10thunderbirdFixedRHSA-2025:1218829.07.2025
Red Hat Enterprise Linux 7 Extended Lifecycle SupportfirefoxFixedRHSA-2025:1227830.07.2025
Red Hat Enterprise Linux 8firefoxFixedRHSA-2025:1174724.07.2025
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2025:1367612.08.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-94
https://bugzilla.redhat.com/show_bug.cgi?id=2382710firefox: thunderbird: Potential user-assisted code execution in “Copy as cURL” command

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-8030

CVSS3: 8.1
ubuntu
около 2 месяцев назад

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

nvd логотип

CVE-2025-8030

CVSS3: 8.1
nvd
около 2 месяцев назад

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

debian логотип

CVE-2025-8030

CVSS3: 8.1
debian
около 2 месяцев назад

Insufficient escaping in the \u201cCopy as cURL\u201d feature could po ...

github логотип

GHSA-3q2p-xj33-xm8j

CVSS3: 8.1
github
около 2 месяцев назад

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

fstec логотип

BDU:2025-10486

CVSS3: 5
fstec
около 2 месяцев назад

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код

6.1 Medium

CVSS3