CVE-2025-4084

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. This vulnerability affects Firefox ESR < 128.10, Firefox ESR < 115.23, and Thunderbird < 128.10.

Published: Apr 29, 2025
Updated: May 2, 2025
CVE: CVE-2025-4084
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / firefox	-	115.23
mozilla / firefox	128.0	128.10
mozilla / thunderbird	-	128.10.0

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2C1956698%2C1960198
https://www.mozilla.org/security/advisories/mfsa2025-29/
https://www.mozilla.org/security/advisories/mfsa2025-30/
https://www.mozilla.org/security/advisories/mfsa2025-32/

Vulnerability Database

289,689

CVE-2025-4084