CVE-2025-8030
BaseFortify
Publication date: 2025-07-22
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | From 60.9.0 (exc) |
| mozilla | firefox | From 60.9.0 (exc) |
| mozilla | firefox | From 60.9.0 (exc) |
| mozilla | thunderbird | to 140.0 (inc) |
| mozilla | thunderbird | to 140.0 (inc) |
| mozilla | thunderbird | to 140.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves insufficient escaping in the 'Copy as cURL' feature of Firefox and Thunderbird. It could potentially be exploited to trick a user into executing unexpected code when using this feature.
How can this vulnerability impact me? :
The vulnerability could lead to a user unintentionally executing unexpected code, which may compromise the security of their system or data.
What immediate steps should I take to mitigate this vulnerability?
Update affected software to Firefox version 141 or later, Firefox ESR 128.13 or later, Firefox ESR 140.1 or later, Thunderbird version 141 or later, Thunderbird 128.13 or later, or Thunderbird 140.1 or later to mitigate this vulnerability.