SUSE CVE-2025-4085

🗓️ 30 Apr 2025 03:18:16Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 3 Views

SUSE CVE-2025-4085: Content-process attacker can abuse UITour to leak data or escalate.

Reporter	Title	Published	Views	Family All 212
FreeBSD	Mozilla -- Information leak	29 Apr 202500:00	–	freebsd
ATTACKERKB	CVE-2025-4085	29 Apr 202514:15	–	attackerkb
AlpineLinux	CVE-2025-4085	29 Apr 202514:15	–	alpinelinux
AstraLinux	Astra Linux – Vulnerability in Firefox, Thunderbird	16 Jun 202511:28	–	astralinux
Circl	CVE-2025-4085	29 Apr 202515:50	–	circl
CNNVD	Mozilla Firefox 安全漏洞	29 Apr 202500:00	–	cnnvd
CVE	CVE-2025-4085	29 Apr 202513:13	–	cve
Cvelist	CVE-2025-4085 Potential information leakage and privilege escalation in UITour actor	29 Apr 202513:13	–	cvelist
Debian CVE	CVE-2025-4085	29 Apr 202513:13	–	debiancve
EUVD	EUVD-2025-12686	3 Oct 202520:07	–	euvd

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	mozillafirefox	138.0-1.1	MozillaFirefox-138.0-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	mozillafirefox-branding-upstream	138.0-1.1	MozillaFirefox-branding-upstream-138.0-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	mozillafirefox-devel	138.0-1.1	MozillaFirefox-devel-138.0-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	mozillafirefox-translations-common	138.0-1.1	MozillaFirefox-translations-common-138.0-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	mozillafirefox-translations-other	138.0-1.1	MozillaFirefox-translations-other-138.0-1.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2025-4085
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1241621
lists	www.lists.opensuse.org/archives/list/[email protected]/thread/IXN7YKFNUPOTT4RDBIYSLHYZG3DKIOBT/

14 Apr 2026 08:51Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.17.8

EPSS0.00245

content process UITour data leak privilege escalation firefox thunderbird