CVE-2025-3033 Information
Apr 03, 2025
cve
Description
After selecting a malicious Windows .url shortcut from the local filesystem an unexpected file could be uploaded.
This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 137 and Thunderbird < 137.
Reference
https://bugzilla.mozilla.org/show_bug.cgi?id=1950056
https://www.mozilla.org/security/advisories/mfsa2025-20/
https://www.mozilla.org/security/advisories/mfsa2025-23/
After
selecting
a
malicious
Windows
.url
shortcut
from
the
local
filesystem
an
unexpected
file
could
be
uploaded.
This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 137 and Thunderbird < 137.
Share on: