Primary

Context

Mozilla Firefox and Thunderbird 'Copy as cURL' Feature Vulnerability Leading to Potential Local Code Execution

Vulnerability

Patched

A vulnerability exists in Mozilla Firefox versions prior to 138 and Thunderbird versions prior to 138, where the 'copy as cURL' feature fails to properly escape special characters. This flaw could allow an attacker to manipulate a user into executing a crafted cURL command, potentially leading to local code execution on the user's machine.

Impact

Exploitation of this vulnerability could result in unauthorized local code execution on the user's system.

Remediation

Users can update to Firefox 138 or Thunderbird 138 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mozilla Firefox and Thunderbird 'Copy as cURL' Feature Vulnerability Leading to Potential Local Code Execution

Vulnerability

Impact

Remediation

Affected Products

Mozilla Firefox

Mozilla Thunderbird

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating