CVE-2025-4086 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
mozilla	CNA	---				---
CISA-ADP	ADP	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Vendor	Product	Version
mozilla	firefox	𝑥 < 138.0
mozilla	thunderbird	𝑥 < 138.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

firefox

sid	139.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

firefox

plucky	not-affected
oracular	not-affected
noble	not-affected
jammy	not-affected
focal	not-affected

thunderbird

plucky	not-affected
oracular	not-affected
noble	not-affected
jammy	not-affected
focal	not-affected

Common Weakness Enumeration

CWE-451 - User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

Vulnerability Media Exposure

[GERMAN] Mozilla Firefox, Firefox ESR, Thunderbird and Thunderbird ESR: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellenin Mozilla Firefox, Firefox ESR, Thunderbird und Thunderbird ESR ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen preiszugeben, Daten zu manipulieren oder andere nicht spezifizierte Angriffe durchzuführen.
Published: 2025-04-29T22:00:00+00:00

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1945705

https://www.mozilla.org/security/advisories/mfsa2025-28/

https://www.mozilla.org/security/advisories/mfsa2025-31/