Medium severity 4.8 · NVD Advisory · Published May 27, 2025 · Updated Apr 13, 2026
CVE-2025-5264
Description
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.
Affected products
- cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* range: <139.0
- cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* range: <115.24.0
- (no CPE) range: <115.24
- (no CPE) range: <139
- Range: <139
- osv-coords (35 versions):
  - pkg:apk/chainguard/firefox
  - pkg:apk/chainguard/firefox-esr
  - pkg:apk/wolfi/firefox
  - pkg:rpm/almalinux/firefox
  - pkg:rpm/almalinux/firefox-x11
  - pkg:rpm/almalinux/thunderbird
  - pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/mozjs128&distro=openSUSE%20Leap%2016.0
  - pkg:rpm/opensuse/mozjs128&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%207.1
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
  - pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
  - pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7
  - pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6
  - pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7
  - pkg:rpm/suse/mozjs128&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
  - pkg:rpm/suse/mozjs128&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
- (no CPE) range: < 128.11-r0
- (no CPE) range: < 115.24-r0
- (no CPE) range: < 128.11-r0
- (no CPE) range: < 128.11.0-1.el9_6.alma.1
- (no CPE) range: < 128.11.0-1.el9_6.alma.1
- (no CPE) range: < 128.11.0-1.el9_6.alma.1
- (no CPE) range: < 128.11.0-1.1
- (no CPE) range: < 128.11.0-150200.152.185.1
- (no CPE) range: < 139.0.1-1.1
- (no CPE) range: < 128.11.0-150200.8.221.1
- (no CPE) range: < 128.11.0-1.1
- (no CPE) range: < 128.14.0-160000.1.1
- (no CPE) range: < 128.12.0-1.1
- (no CPE) range: < 128.11.0-150200.152.185.1
- (no CPE) range: < 128.11.0-150200.152.185.1
- (no CPE) range: < 128.11.0-150200.152.185.1
- (no CPE) range: < 128.11.0-150200.152.185.1
- (no CPE) range: < 128.11.0-150200.152.185.1
- (no CPE) range: < 128.11.0-150200.152.185.1
- (no CPE) range: < 128.11.0-150200.152.185.1
- (no CPE) range: < 128.11.0-150200.152.185.1
- (no CPE) range: < 128.11.0-112.262.1
- (no CPE) range: < 128.11.0-150200.152.185.1
- (no CPE) range: < 128.11.0-150200.152.185.1
- (no CPE) range: < 128.11.0-150200.152.185.1
- (no CPE) range: < 128.11.0-150200.152.185.1
- (no CPE) range: < 128.11.0-150200.152.185.1
- (no CPE) range: < 128.11.0-150200.152.185.1
- (no CPE) range: < 128.11.0-112.262.1
- (no CPE) range: < 128.11.0-150200.8.221.1
- (no CPE) range: < 128.11.0-150200.8.221.1
- (no CPE) range: < 128.11.0-150200.8.221.1
- (no CPE) range: < 128.11.0-150200.8.221.1
- (no CPE) range: < 128.14.0-160000.1.1
- (no CPE) range: < 128.14.0-160000.1.1
References
- www.mozilla.org/security/advisories/mfsa2025-42/ (nvd, Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2025-43/ (nvd, Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2025-44/ (nvd, Vendor Advisory)
- bugzilla.mozilla.org/show_bug.cgi (nvd, Permissions Required)
- lists.debian.org/debian-lts-announce/2025/05/msg00043.html (nvd)
- lists.debian.org/debian-lts-announce/2025/05/msg00046.html (nvd)
- www.mozilla.org/security/advisories/mfsa2025-45/ (nvd)
- www.mozilla.org/security/advisories/mfsa2025-46/ (nvd)