FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mozilla -- local code execution

Affected packages
firefox-esr < 115.24.0
firefox < 139.0,2

Details

VuXML ID 5ec0b4e5-4222-11f0-976e-b42e991fc52e
Discovery 2025-05-27
Entry 2025-06-05

security@mozilla.org reports:

Due to insufficient escaping of the newline character in the Copy as cURL feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system.

[source]

References

CVE Name CVE-2025-5264
URL https://nvd.nist.gov/vuln/detail/CVE-2025-5264

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.