Mozilla Firefox and Thunderbird 'Copy as cURL' Feature Local Code Execution Vulnerability

Vulnerability

A local code execution vulnerability has been identified in the 'copy as cURL' feature of Mozilla Firefox and Thunderbird. This issue arises from inadequate escaping of special characters, particularly the ampersand, which could allow an attacker to manipulate the command and execute code on the user's system. The vulnerability is present in Firefox for Windows and affects several versions of Firefox ESR and Thunderbird.
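An added example (not Mozilla's code and not part of the original advisory) of the escaping problem described above: a JavaScript check that walks a command line using a simplified model of cmd.exe quoting and reports the special characters the shell would interpret instead of passing to curl. The function names, the sample commands and the example.test host are assumptions made for illustration.

```javascript
// Added example, not Firefox code. Simplified model of cmd.exe parsing:
// outside double quotes ^ escapes the next character; inside double quotes
// & | < > are literal. A line break ends the command however it is quoted.
const SEPARATORS = new Set(["&", "|", "<", ">"]);

function findLiveMetachars(commandLine) {
  const findings = [];
  let inQuotes = false;
  for (let i = 0; i < commandLine.length; i++) {
    const ch = commandLine[i];
    const next = commandLine[i + 1];
    if (ch === "\r" || ch === "\n") {
      findings.push({ index: i, char: "line break" });
      inQuotes = false; // quoting does not carry over to the next line
    } else if (!inQuotes && ch === "^") {
      // Caret escapes one character; a line break after it is still flagged.
      if (next !== undefined && next !== "\r" && next !== "\n") i++;
    } else if (ch === '"') {
      inQuotes = !inQuotes;
    } else if (!inQuotes && SEPARATORS.has(ch)) {
      findings.push({ index: i, char: ch });
    }
  }
  return findings;
}

// Constructed sample commands (example.test is a placeholder host).
const SAMPLES = [
  'curl "https://example.test/?a=1&b=2"',    // & inside quotes
  'curl ^"https://example.test/?a=1^&b=2^"', // every special caret-escaped
  'curl ^"https://example.test/?a=1&b=2^"',  // quote escaped, & left live
  'curl https://example.test/?a=1&b=2',      // no quoting at all
];

function report(samples) {
  return samples.map((s) => ({ command: s, live: findLiveMetachars(s) }));
}

for (const r of report(SAMPLES)) {
  const verdict = r.live.length === 0 ? "ok" : "UNSAFE at " +
    r.live.map((f) => `${f.index}:${f.char}`).join(", ");
  console.log(`${verdict}  ${r.command}`);
}
```

A command that reports any live character should not be pasted into a Windows command prompt as copied.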

Impact

Exploitation of this vulnerability could lead to unauthorized local code execution on the user's system.

Remediation

Users can update to Firefox ESR 128.10, Firefox ESR 115.23, or Thunderbird 128.10 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 10.0
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.