CVE-2025-11713

Potential user-assisted code execution in “Copy as cURL” command

CVSS 8.1 HIGHEPSS 0.3%CWE-116

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 out 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Produtos afetados

Mozilla · Firefox Mozilla · Thunderbird

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://bugzilla.mozilla.org/show_bug.cgi?id=1986142 https://www.mozilla.org/security/advisories/mfsa2025-81/https://www.mozilla.org/security/advisories/mfsa2025-83/https://www.mozilla.org/security/advisories/mfsa2025-84/https://www.mozilla.org/security/advisories/mfsa2025-85/