{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T20:01:30.786","vulnerabilities":[{"cve":{"id":"CVE-2025-4084","sourceIdentifier":"security@mozilla.org","published":"2025-04-29T14:15:35.097","lastModified":"2026-04-13T15:16:59.670","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Due to insufficient escaping of the special characters in the \"copy as cURL\" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system.\n*This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox ESR 128.10, Firefox ESR 115.23, and Thunderbird 128.10."},{"lang":"es","value":"Debido a la insuficiente capacidad de escape de los caracteres especiales en la función \"copiar como cURL\", un atacante podría engañar a un usuario para que use este comando, lo que podría provocar la ejecución de código local en su sistema. *Este error solo afecta a Firefox para Windows. Las demás versiones de Firefox no se ven afectadas.* Esta vulnerabilidad afecta a Firefox ESR < 128.10, Firefox ESR < 115.23 y Thunderbird ESR < 128.10."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-116"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"115.23","matchCriteriaId":"C120A37E-1333-4278-9527-4F370BC78EA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionStartIncluding":"128.0","versionEndExcluding":"128.10","matchCriteriaId":"78457AB7-7F72-41FA-99F5-EE6D2B2AC9F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"128.10.0","matchCriteriaId":"DC19822B-CC07-4C6F-BAAD-C7A9C4E73FA9"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2C1956698%2C1960198","source":"security@mozilla.org","tags":["Broken Link"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-29/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-30/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-32/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00022.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}