Mozilla Firefox and Thunderbird User-Assisted Code Execution Vulnerability via 'Copy as cURL' Feature

Vulnerability

A vulnerability allowing user-assisted code execution has been identified in the 'Copy as cURL' feature of Mozilla Firefox and Thunderbird. The feature escapes the copied command insufficiently, which could be used to trick a user into executing unexpected code on Windows. The vulnerability is present in Firefox versions prior to 144, Firefox ESR versions prior to 140.4, Thunderbird versions prior to 144, and Thunderbird ESR versions prior to 140.4.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the user's Windows system.

Remediation

Users can upgrade to Firefox 144, Firefox ESR 140.4, Thunderbird 144, or Thunderbird ESR 140.4 to address this vulnerability.
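
To find installs that still need the upgrade, the version thresholds above can be applied to a software inventory. The following is an added example, not Mozilla's or this site's code. The inventory rows, host names and the assumption that ESR builds report a version string ending in "esr" are constructed for illustration.

```python
import re

# First fixed version per (product, is_esr), as stated in the advisory text.
FIXED = {
    ("firefox", False): (144, 0),
    ("firefox", True): (140, 4),
    ("thunderbird", False): (144, 0),
    ("thunderbird", True): (140, 4),
}

# Assumed version string shape: "143.0.4", "144.0", "140.3.1esr".
_VERSION = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(esr)?$", re.IGNORECASE)

def parse_version(text):
    """Return ((major, minor, patch), is_esr); reject anything unrecognised."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, esr = m.groups()
    return (int(major), int(minor or 0), int(patch or 0)), bool(esr)

def needs_upgrade(product, version_text):
    """True when the build is older than the fixed version for its channel."""
    numbers, is_esr = parse_version(version_text)
    return numbers[:2] < FIXED[(product.lower(), is_esr)]

# Constructed inventory: (host, os, product, version).
INVENTORY = [
    ("ws-001", "windows", "firefox", "143.0.4"),
    ("ws-002", "windows", "firefox", "144.0"),
    ("ws-003", "windows", "firefox", "140.3.1esr"),
    ("ws-004", "windows", "thunderbird", "140.4.0esr"),
    ("ws-005", "linux", "firefox", "141.0"),
    ("ws-006", "windows", "thunderbird", "143.0.1"),
]

def triage(inventory):
    """List unfixed installs, Windows hosts first (the advisory names Windows)."""
    findings = [
        (host, product, version, os_name == "windows")
        for host, os_name, product, version in inventory
        if needs_upgrade(product, version)
    ]
    return sorted(findings, key=lambda f: (not f[3], f[0]))

if __name__ == "__main__":
    for host, product, version, on_windows in triage(INVENTORY):
        print(host, product, version, "windows" if on_windows else "other")
```

A release-channel build such as 141.0 is reported even though its number is higher than 140.4, because the ESR threshold applies only to ESR builds.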

Added: Oct 14, 2025, 1:30 PM
Updated: Oct 14, 2025, 11:43 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 10.0
exploitability: 4.4
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.