Information Leak and Privilege Escalation in Firefox and Thunderbird
CVE-2025-4085

7.1HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 29 April 2025

What is CVE-2025-4085?

A security flaw has been identified in Firefox and Thunderbird where an attacker controlling a content process may exploit a privileged UITour actor. This exploitation could result in the unauthorized disclosure of sensitive information or lead to privilege escalation, compromising the overall security of affected systems.

Affected Version(s)

Firefox < 138

Thunderbird < 138

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1915280

https://www.mozilla.org/security/advisories/mfsa2025-28/

https://www.mozilla.org/security/advisories/mfsa2025-31/

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 29, 2025
Vulnerability Reserved
Apr 29, 2025

Credit

Andrew McCreight