{"id":"CVE-2025-5264","details":"Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox \u003c 139, Firefox ESR \u003c 115.24, Firefox ESR \u003c 128.11, Thunderbird \u003c 139, and Thunderbird \u003c 128.11.","modified":"2026-04-16T00:07:36.408727668Z","published":"2025-05-27T13:15:22.200Z","related":["ALSA-2025:8293","ALSA-2025:8308","ALSA-2025:8341","ALSA-2025:8607","ALSA-2025:8608","ALSA-2025:8756","SUSE-SU-2025:01769-1","SUSE-SU-2025:01814-1","SUSE-SU-2025:01946-1","SUSE-SU-2025:21170-1","openSUSE-SU-2025:15170-1","openSUSE-SU-2025:15174-1","openSUSE-SU-2025:15196-1","openSUSE-SU-2025:15315-1","openSUSE-SU-2025:20135-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-42/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-43/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-44/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-45/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-46/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1950001"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"115.24.0"}]},{"events":[{"introduced":"0"},{"fixed":"139.0"}]},{"events":[{"introduced":"116.0"},{"fixed":"128.11.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-5264.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"}]}