CVE-2025-4089 – Mozilla Firefox/Thunderbird Command Injection Vulnerability

April 29, 2025

CVE ID : CVE-2025-4089

Published : April 29, 2025, 2:15 p.m. | 1 hour, 48 minutes ago

Description : Due to insufficient escaping of special characters in the “copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user’s system. This vulnerability affects Firefox
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4090 – “Mozilla Firefox Android and Thunderbird Information Disclosure”

Next Article CVE-2025-4088 – “Firefox Storage Access API Cross-Site Request Forgery Vulnerability”

Highlights

CVE-2025-5878 – “ESAPI SQL Injection Defense Encoder Encoder.encodeForSQL Improper Neutralization”

June 29, 2025

CVE ID : CVE-2025-5878

Published : June 29, 2025, 12:15 p.m. | 3 hours, 2 minutes ago

Description : A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been disclosed to the public. The project was contacted early about this issue and handled it with an exceptional level of professionalism. Upgrading to version 2.7.0.0 is able to address this issue. Commit ID f75ac2c2647a81d2cfbdc9c899f8719c240ed512 is disabling the feature by default and any attempt to use it will trigger a warning. And commit ID e2322914304d9b1c52523ff24be495b7832f6a56 is updating the misleading Java class documentation to warn about the risks.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

AI-Generated Code Poses Major Security Risks in Nearly Half of All Development Tasks, Veracode Research Reveals

Understanding the code modernization conundrum

Not just YouTube: Google is using AI to guess your age based on your activity – everywhere

Malicious extensions can use ChatGPT to steal your personal data – here’s how

What Zuckerberg’s ‘personal superintelligence’ sales pitch leaves out

This handy NordVPN tool flags scam calls on Android – even before you answer

Route Optimization through Laravel’s Shallow Resource Architecture

Route Optimization through Laravel’s Shallow Resource Architecture

This Week in Laravel: Laracon News, Free Laravel Idea, and Claude Code Course

Everything We Know About Pest 4

FOSS Weekly #25.31: Kernel 6.16, OpenMandriva Review, Conky Customization, System Monitoring and More

FOSS Weekly #25.31: Kernel 6.16, OpenMandriva Review, Conky Customization, System Monitoring and More

Windows 11’s MSN Widgets board now opens in default browser, such as Chrome (EU only)

Microsoft’s new “move to Windows 11” campaign implies buying OneDrive paid plan

CVE-2025-4089 – Mozilla Firefox/Thunderbird Command Injection Vulnerability

The hidden risks of browser extensions – and how to stay safe

Minnesota National Guard Deployed After Major Cyberattack on St. Paul City Systems

CVE-2025-29331 – MHSanaei 3x-ui Remote Code Execution Vulnerability

Windows 11 KB5055627 update makes File Explorer more fluid

Rhino Linux presenta il nuovo ambiente desktop UBXI basato su KDE e il gestore pacchetti RPK2

CVE-2024-38341 – IBM Sterling Secure Proxy Weak Cryptographic Algorithm Vulnerability

CVE-2025-5878 – “ESAPI SQL Injection Defense Encoder Encoder.encodeForSQL Improper Neutralization”

CVE-2025-4067 – ScriptAndTools Online-Travling-System Remote File Inclusion Vulnerability

CVE-2025-7792 – Tenda FH451 Stack-Based Buffer Overflow Vulnerability

Microsoft Shifts Windows Licensing to Azure with Confidential Computing

CVE-2025-4089 – Mozilla Firefox/Thunderbird Command Injection Vulnerability

Related Posts