CVE-2025-5265 Information

Description

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature an attacker could trick a user into using this command potentially leading to local code execution on the user’s system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 139 Firefox ESR < 115.24 and Firefox ESR < 128.11.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1962301 https://www.mozilla.org/security/advisories/mfsa2025-42/ https://www.mozilla.org/security/advisories/mfsa2025-43/ https://www.mozilla.org/security/advisories/mfsa2025-44/