CVE-2025-4086 Information

Description

A specially crafted filename containing a large number of encoded newline characters could obscure the file’s extension when displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 138 and Thunderbird < 138.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1945705 https://www.mozilla.org/security/advisories/mfsa2025-28/ https://www.mozilla.org/security/advisories/mfsa2025-31/