Security Advisory

CVE-2025-4085

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-29 13:13:39

Last updated 2026-04-13 14:28:43

Assigner mozilla

State PUBLISHED

Description

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

← Browse all CVEs View on cve.org ↗