Unexpected File Upload Vulnerability in Mozilla Firefox and Thunderbird for Windows
CVE-2025-3033

Currently unrated

Key Information:

Vendor

Mozilla
Status
Firefox
Thunderbird
Vendor
CVE Published:
1 April 2025

What is CVE-2025-3033?

A vulnerability exists within Firefox and Thunderbird on Windows systems that allows a malicious .url shortcut from the local filesystem to trigger an unintentional file upload. This flaw specifically impacts versions prior to 137 and poses a risk primarily for users on the Windows platform, while other operating systems remain unaffected. Users and organizations are advised to update to the latest versions to mitigate potential risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Firefox < 137

Thunderbird < 137

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1950056
https://www.mozilla.org/security/advisories/mfsa2025-20/
https://www.mozilla.org/security/advisories/mfsa2025-23/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ameen Basha M K
JSON
.