CVE-2025-4086

{"id": "CVE-2025-4086", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-04-29T14:15:35.267", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1945705", "tags": ["Permissions Required"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-451"}]}], "descriptions": [{"lang": "en", "value": "A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog.\n*This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138 and Thunderbird < 138."}, {"lang": "es", "value": "Un nombre de archivo especialmente manipulado que contiene una gran cantidad de caracteres de nueva l\u00ednea codificados podr\u00eda ocultar la extensi\u00f3n del archivo al mostrarse en el cuadro de di\u00e1logo de descarga. *Este error solo afecta a Firefox para Android. Las dem\u00e1s versiones de Firefox no se ven afectadas.* Esta vulnerabilidad afecta a Firefox (versi\u00f3n anterior a la 138) y Thunderbird (versi\u00f3n anterior a la 138)."}], "lastModified": "2025-05-09T19:33:18.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "EB8A8C7B-B65D-4DF5-BDB5-0C3C4E2DB72C", "versionEndExcluding": "138.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "D1E8CCF1-4E91-44CC-A652-B23D1337A485", "versionEndExcluding": "138.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}