CVE-2025-4086

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected. This vulnerability affects Firefox < 138 and Thunderbird < 138.

Published: Apr 29, 2025
Updated: May 2, 2025
CVE: CVE-2025-4086
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / firefox	-	138.0
mozilla / thunderbird	-	138.0

https://bugzilla.mozilla.org/show_bug.cgi?id=1945705
https://www.mozilla.org/security/advisories/mfsa2025-28/
https://www.mozilla.org/security/advisories/mfsa2025-31/

Vulnerability Database

289,599

CVE-2025-4086