CVE-2025-4085 Information

Description

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1915280 https://www.mozilla.org/security/advisories/mfsa2025-28/ https://www.mozilla.org/security/advisories/mfsa2025-31/