Security Advisory

CVE-2025-5264

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-27 12:29:23
Last updated 2026-04-13 14:27:58
Assigner mozilla
State PUBLISHED

Description

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.