VDB

CESS-2025-4089

CESS-2025-4089 PUBLISHED CVSS 5.1 MEDIUM

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

Risk Scores

CVSS 3.1
5.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Timeline

  • Apr 29, 2025 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›