Local Code Execution Vulnerability in Firefox for Windows
CVE-2025-4084

5.7MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox Esr; Thunderbird
Vendor: CVE Published:; 29 April 2025

What is CVE-2025-4084?

A vulnerability in Firefox for Windows arises from insufficient escaping of special characters in the 'copy as cURL' feature. This flaw can be exploited by an attacker who tricks users into executing a crafted cURL command, potentially leading to local code execution on their system. The affected versions include Firefox ESR prior to 128.10 and 115.23, as well as Thunderbird ESR below 128.10. Users are strongly advised to update to the latest versions to mitigate the risks associated with this vulnerability.

Affected Version(s)

Firefox ESR < 128.10

Firefox ESR < 115.23

Thunderbird < 128.10

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2...

https://www.mozilla.org/security/advisories/mfsa2025-29/

https://www.mozilla.org/security/advisories/mfsa2025-30/

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 29, 2025
Vulnerability Reserved
Apr 29, 2025

Credit

Ameen Basha M K