CVE-2025-5264

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-5264

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-5264.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-5264

Downstream

DEBIAN-CVE-2025-5264

DLA-4191-1

DLA-4194-1

DSA-5926-1

DSA-5932-1

OESA-2025-1633

OESA-2025-1634

OESA-2025-1635

OESA-2025-1636

OESA-2025-1835

RHSA-2025:8293

RHSA-2025:8308

RHSA-2025:8341

RHSA-2025:8598

RHSA-2025:8599

RHSA-2025:8607

RHSA-2025:8608

RHSA-2025:8628

RHSA-2025:8629

RHSA-2025:8630

RHSA-2025:8631

RHSA-2025:8642

RHSA-2025:8756

RHSA-2025:9071

RHSA-2025:9072

RHSA-2025:9073

RHSA-2025:9074

RHSA-2025:9075

RHSA-2025:9076

RHSA-2025:9077

RHSA-2025:9155

RLSA-2025:8293

RLSA-2025:8308

RLSA-2025:8341

RLSA-2025:8607

RLSA-2025:8608

RLSA-2025:8756

SUSE-SU-2025:01814-1

UBUNTU-CVE-2025-5264

USN-7663-1

Related

Published

2025-05-27T13:15:22Z

Modified

2025-08-09T20:01:26Z

Summary

[none]

Details

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.

References

Affected packages