cvedb.io
CVE-2025-5264
MEDIUM · CVSS 4.8
EPSS exploitation probability: 0%
Published 2025-05-27T13:15:22.200 · Last modified 2026-06-17T09:47:34.360

Summary

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

Affected products

mozilla — firefox

Does this affect you?

Add your gear to cvedb and we'll alert you only when mozilla ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.