CVE-2025-5265 Potential local code execution in “Copy as cURL” command

🗓️ 27 May 2025 12:29:24Reported by mozillaType

Insufficient escaping in "Copy as cURL" can lead to local code execution in Firefox for Windows.

Reporter	Title	Published	Views	Family All 200
Tenable Nessus	Amazon Linux 2023 : firefox (ALAS2023-2025-996)	12 Jun 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : thunderbird (ALAS-2025-2873)	12 Jun 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : firefox (ALASFIREFOX-2025-039)	11 Jun 202500:00	–	nessus
Tenable Nessus	Fedora 42 : firefox (2025-34badbe9b9)	10 Jun 202500:00	–	nessus
Tenable Nessus	Fedora 41 : thunderbird (2025-5bf1989d48)	1 Jun 202500:00	–	nessus
Tenable Nessus	Fedora 42 : thunderbird (2025-a52491bdd9)	3 Jul 202500:00	–	nessus
Tenable Nessus	Mozilla Firefox ESR < 115.24	27 May 202500:00	–	nessus
Tenable Nessus	Mozilla Firefox ESR < 128.11	27 May 202500:00	–	nessus
Tenable Nessus	Mozilla Firefox < 139.0	27 May 202500:00	–	nessus
Tenable Nessus	Mozilla Thunderbird < 128.11	27 May 202500:00	–	nessus

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "115.24",
        "lessThanOrEqual": "115.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "128.11",
        "lessThanOrEqual": "128.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "139",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "128.11",
        "lessThanOrEqual": "128.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "139",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi
mozilla	www.mozilla.org/security/advisories/mfsa2025-43/
mozilla	www.mozilla.org/security/advisories/mfsa2025-42/
mozilla	www.mozilla.org/security/advisories/mfsa2025-45/
mozilla	www.mozilla.org/security/advisories/mfsa2025-46/
mozilla	www.mozilla.org/security/advisories/mfsa2025-44/

13 Apr 2026 14:28Current

EPSS0.00059