CVE-2025-4084
- Source
- https://cve.org/CVERecord?id=CVE-2025-4084
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4084.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-4084
- Downstream
- Related
- Published
- 2025-04-29T14:15:35.097Z
- Modified
- 2026-03-23T05:09:20.198105587Z
- Severity
-
- 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. This vulnerability affects Firefox ESR < 128.10, Firefox ESR < 115.23, and Thunderbird < 128.10.
- References
-
- https://lists.debian.org/debian-lts-announce/2025/05/msg00022.html
- https://www.mozilla.org/security/advisories/mfsa2025-30/
- https://www.mozilla.org/security/advisories/mfsa2025-32/
- https://www.mozilla.org/security/advisories/mfsa2025-29/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2C1956698%2C1960198
Affected packages
Git /
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "115.23"
}
]
},
{
"events": [
{
"introduced": "128.0"
},
{
"fixed": "128.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "128.10.0"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4084.json"