VDB
CESS-2025-4089
CESS-2025-4089
PUBLISHED
CVSS 5.1 MEDIUM
Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 138 and Thunderbird 138.
Risk Scores
CVSS 3.1
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Timeline
- Apr 29, 2025 CVE Published