Primary

Context

Mozilla Firefox and Thunderbird Windows .url File Shortcut Vulnerability Leading to Unexpected File Upload

Vulnerability

Patched

A vulnerability exists in Mozilla Firefox and Thunderbird on Windows, affecting versions prior to 137. When a malicious Windows .url shortcut is selected from the local filesystem, it could result in an unexpected file being uploaded. This issue is not present on other operating systems.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads.

Remediation

Users can update to Firefox or Thunderbird version 137 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.4

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.4

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mozilla Firefox and Thunderbird Windows .url File Shortcut Vulnerability Leading to Unexpected File Upload

Vulnerability

Impact

Remediation

Affected Products

Mozilla Firefox

Mozilla Thunderbird

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating