ALT-PU-2025-13988-3
Closed vulnerabilities
Published: 2025-10-23
BDU:2025-13293
Уязвимость функции Copy as cURL браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM (6.4)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
References:
Published: 2025-10-14
Modified: 2025-11-14
Modified: 2025-11-14
CVE-2025-11713
Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
Severity: HIGH (8.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
References: