CVE-2025-5264 Information

Description

Due to insufficient escaping of the newline character in the “Copy as cURL” feature an attacker could trick a user into using this command potentially leading to local code execution on the user’s system. This vulnerability affects Firefox < 139 Firefox ESR < 115.24 and Firefox ESR < 128.11.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1950001 https://www.mozilla.org/security/advisories/mfsa2025-42/ https://www.mozilla.org/security/advisories/mfsa2025-43/ https://www.mozilla.org/security/advisories/mfsa2025-44/