Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Link | Tags |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1962301 | permissions required |
https://www.mozilla.org/security/advisories/mfsa2025-42/ | vendor advisory |
https://www.mozilla.org/security/advisories/mfsa2025-43/ | vendor advisory |
https://www.mozilla.org/security/advisories/mfsa2025-44/ | vendor advisory |
https://www.mozilla.org/security/advisories/mfsa2025-45/ | |
https://www.mozilla.org/security/advisories/mfsa2025-46/ |