CVE-2025-5265
Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
| Software | From | Fixed in |
|---|---|---|
| mozilla / firefox | - | 139.0 |
| mozilla / firefox | - | 115.24.0 |
| mozilla / firefox | 116.0 | 128.11.0 |
- https://bugzilla.mozilla.org/show_bug.cgi?id=1962301
- https://www.mozilla.org/security/advisories/mfsa2025-42/
- https://www.mozilla.org/security/advisories/mfsa2025-43/
- https://www.mozilla.org/security/advisories/mfsa2025-44/
- https://www.mozilla.org/security/advisories/mfsa2025-45/
- https://www.mozilla.org/security/advisories/mfsa2025-46/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime