{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6426", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-06-20T14:51:29.856Z", "datePublished": "2025-06-24T12:28:00.614Z", "dateUpdated": "2026-04-13T14:30:40.735Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.12", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "140", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.12", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "140", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "The executable file warning did not warn users before opening files with the `terminal` extension. \n*This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The executable file warning did not warn users before opening files with the <code>terminal</code> extension. <br>*This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12."}]}], "title": "No warning when opening executable terminal files on macOS", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1964385"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-53/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-55/"}], "credits": [{"lang": "en", "value": "pwn2car"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:40.735Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-345", "lang": "en", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-06-25T14:21:30.828136Z", "id": "CVE-2025-6426", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T14:30:17.128Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-6426", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-25T14:21:30.828136Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T14:21:33.436Z"}}], "cna": {"title": "No warning when opening executable terminal files on macOS", "credits": [{"lang": "en", "value": "pwn2car"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "128.12", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "140", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "128.12", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "140", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1964385"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-53/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-55/"}], "descriptions": [{"lang": "en", "value": "The executable file warning did not warn users before opening files with the `terminal` extension. \n*This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.", "supportingMedia": [{"type": "text/html", "value": "The executable file warning did not warn users before opening files with the <code>terminal</code> extension. <br>*This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:40.735Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6426", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:30:40.735Z", "dateReserved": "2025-06-20T14:51:29.856Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-06-24T12:28:00.614Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "18420C6D-A5DF-41A4-8A81-F1BBFBA1BE2A", "versionEndExcluding": "128.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "77D2BF2A-26A3-4664-93B5-B41BCF17AC9E", "versionEndExcluding": "140.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The executable file warning did not warn users before opening files with the `terminal` extension. \n*This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12."}, {"lang": "es", "value": "La advertencia del archivo ejecutable no avisaba a los usuarios antes de abrir archivos con la extensi\u00f3n `terminal`. *Este error solo afecta a Firefox para macOS. Las dem\u00e1s versiones de Firefox no se ven afectadas.* Esta vulnerabilidad afecta a Firefox &lt; 140 y Firefox ESR &lt; 128.12."}], "id": "CVE-2025-6426", "lastModified": "2026-04-13T15:17:06.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-06-24T13:15:23.537", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1964385"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-53/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2025-54/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2025-55/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "firefox: thunderbird: No warning when opening executable terminal files on macOS", "id": "2374560", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374560"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "details": ["The executable file warning did not warn users before opening files with the `terminal` extension. \n*This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.", "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The executable file warning did not warn users before opening files with the terminal extension. This bug only affects Firefox and Thunderbird for macOS. Other versions of Thunderbird are unaffected."], "name": "CVE-2025-6426", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "rhel10/thunderbird-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-24T12:28:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-6426\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6426\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1964385\nhttps://www.mozilla.org/security/advisories/mfsa2025-51/\nhttps://www.mozilla.org/security/advisories/mfsa2025-53/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-20T22:28:47.973336+00:00", "value": {"mitigation_remediation": ["Upgrade Mozilla Firefox to version 140 or newer, or to Firefox ESR 128.12 or newer.", "Upgrade Mozilla Thunderbird to version 140 or newer, or to Thunderbird ESR 128.12 or newer.", "Ensure macOS is updated to the latest security releases and configure Gatekeeper to restrict the execution of unknown file types."], "summary": {"action": "Immediate Patch", "impact": "Potential code execution via unnotified terminal files"}, "threat_synthesis": {"affected_systems": "The issue is limited to Mozilla Firefox and Mozilla Thunderbird running on macOS, affecting versions prior to Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12. Other operating systems and non\u2011macOS builds of these browsers are not affected.", "description_and_impact": "This vulnerability permits files bearing a terminal extension to be opened in Firefox on macOS without the standard warning that flags executable content. Since the terminal extension is commonly linked to scripts or binaries, an attacker could deliver a terminal file that, when opened, could lead to the execution of arbitrary code. The information provided does not explicitly confirm whether the file is executed automatically, but based on the nature of the extension, code execution is a realistic and potentially severe outcome. The weakness is aligned with CWE\u2011345, which addresses information exposure that can lead to execution of malicious content.", "risk_and_exploitability": "The CVSS base score of 8.8 indicates a high severity, while the EPSS score of < 1% reflects limited current exploitation activity. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the delivery of a malicious terminal file through channels such as email attachments, compromised websites, or infected downloads, with the user incorrectly opening the file on their macOS system."}}}}, "created": "2025-07-06T22:16:32.249230+00:00", "updated": "2026-04-20T22:30:19.875729+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox", "mozilla$PRODUCT$firefox_esr"]}