{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8030", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-07-22T10:13:53.205Z", "datePublished": "2025-07-22T20:49:25.931Z", "dateUpdated": "2026-04-13T14:26:55.584Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.13", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "140.1", "lessThanOrEqual": "140.*", "versionType": "rpm"}, {"status": "unaffected", "version": "141", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.13", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "140.1", "lessThanOrEqual": "140.*", "versionType": "rpm"}, {"status": "unaffected", "version": "141", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Insufficient escaping in the \u201cCopy as cURL\u201d feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Insufficient escaping in the \u201cCopy as cURL\u201d feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1."}]}], "title": "Potential user-assisted code execution in \u201cCopy as cURL\u201d command", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1968414"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"}], "credits": [{"lang": "en", "value": "Ameen Basha M K"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:26:55.584Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-8030", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-24T03:55:29.670565Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T17:50:24.064Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:07:48.256Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:07:48.256Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-8030", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-24T03:55:29.670565Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-23T14:20:47.907Z"}}], "cna": {"title": "Potential user-assisted code execution in \u201cCopy as cURL\u201d command", "credits": [{"lang": "en", "value": "Ameen Basha M K"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "128.13", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "140.1", "versionType": "rpm", "lessThanOrEqual": "140.*"}, {"status": "unaffected", "version": "141", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "128.13", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "140.1", "versionType": "rpm", "lessThanOrEqual": "140.*"}, {"status": "unaffected", "version": "141", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1968414"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"}], "descriptions": [{"lang": "en", "value": "Insufficient escaping in the \u201cCopy as cURL\u201d feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.", "supportingMedia": [{"type": "text/html", "value": "Insufficient escaping in the \u201cCopy as cURL\u201d feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:26:55.584Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8030", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:26:55.584Z", "dateReserved": "2025-07-22T10:13:53.205Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-07-22T20:49:25.931Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "7C22C9BA-7B86-487A-B0A4-419A0D163B56", "versionEndExcluding": "128.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "8684A46E-D70A-4830-8971-A6DCC360F422", "versionEndExcluding": "141.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "BB48C2EF-A6AC-4445-9417-1B65D5BC509B", "versionEndExcluding": "140.1.0", "versionStartIncluding": "140.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "matchCriteriaId": "B9BB9B0C-2B49-44EA-9BED-241A8CE8794E", "versionEndExcluding": "128.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "matchCriteriaId": "95D506DD-BD9B-4D90-802F-5BE673F1CF14", "versionEndExcluding": "141.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "matchCriteriaId": "8CE266C2-5AF1-4C57-9B7C-47039FF06384", "versionEndExcluding": "140.1.0", "versionStartIncluding": "140.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient escaping in the \u201cCopy as cURL\u201d feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1."}, {"lang": "es", "value": "Un escape insuficiente en la funci\u00f3n \"Copiar como cURL\" podr\u00eda utilizarse para enga\u00f1ar al usuario y que ejecute c\u00f3digo inesperado. Esta vulnerabilidad afecta a Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13 y Thunderbird < 140.1."}], "id": "CVE-2025-8030", "lastModified": "2026-04-13T15:17:09.197", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-22T21:15:50.157", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1968414"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:11797", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "firefox-0:128.13.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-07-28T00:00:00Z"}, {"advisory": "RHSA-2025:11747", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:128.13.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-07-24T00:00:00Z"}, {"advisory": "RHSA-2025:11748", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.13.0-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-07-24T00:00:00Z"}], "bugzilla": {"description": "firefox: thunderbird: Potential user-assisted code execution in \u201cCopy as cURL\u201d command", "id": "2382710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382710"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-94", "details": ["Insufficient escaping in the \u201cCopy as cURL\u201d feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.", "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue:\nInsufficient escaping in the \u201cCopy as cURL\u201d feature could potentially be used to trick a user into executing unexpected code."], "name": "CVE-2025-8030", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/thunderbird-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-22T20:49:25Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-8030\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-8030\nhttps://www.mozilla.org/security/advisories/mfsa2025-58/#CVE-2025-8030\nhttps://www.mozilla.org/security/advisories/mfsa2025-62/#CVE-2025-8030"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-20T16:54:57.027999+00:00", "value": {"mitigation_remediation": ["Apply the latest Mozilla updates for Firefox and Thunderbird, which contain the necessary escaping fixes.", "If an update cannot be applied immediately, temporarily disable or disable the \u201cCopy as cURL\u201d functionality in the application settings to prevent unintended command execution.", "Educate users about the risks of executing copied commands from untrusted sources and reinforce phishing awareness."], "summary": {"action": "Immediate Patch", "impact": "User-assisted code execution"}, "threat_synthesis": {"affected_systems": "Affected products are Mozilla Firefox and Mozilla Thunderbird. Versions prior to Firefox 141, Firefox ESR 128.13 and 140.1, and Thunderbird 141, 128.13 and 140.1 are vulnerable. The feature is present on both the standard and ESR releases for Windows, macOS, Linux and Android. No specific operating\u2011system version restrictions beyond those tied to the product are listed.", "description_and_impact": "The vulnerability arises from insufficient escaping in the \u201cCopy as cURL\u201d feature. An attacker could craft a curl command that, when a user copies it and executes it in a terminal, would run arbitrary code on the local machine. This introduces a possibility of code execution that relies on a user trusting the command, thereby compromising the integrity of the system.", "risk_and_exploitability": "The CVSS score of 8.1 indicates a high severity. The EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Likely exploitation requires the user to copy the malicious curl command and run it in a shell, implying a social\u2011engineering or phishing vector."}}}}, "created": "2025-07-23T17:35:58.306838+00:00", "updated": "2026-04-20T17:00:12.744901+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox", "mozilla$PRODUCT$firefox_esr", "mozilla$PRODUCT$thunderbird"]}