Executable File Warning Bypass in Firefox for macOS
CVE-2025-6426

8.8 HIGH

Key Information:

Vendor: Mozilla

CVE Published: 24 June 2025

What is CVE-2025-6426?

On macOS, Firefox's executable file warning does not warn users before opening files with the .terminal extension, potentially allowing malicious files to be executed without warning. This issue is limited to specific versions of Firefox and does not affect other platforms or versions. Users are encouraged to update to the latest versions to mitigate risks associated with this vulnerability.

Affected Version(s)

Firefox < 140

Firefox ESR < 128.12

Thunderbird < 140

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

pwn2car