CVE-2025-4086 – Mozilla Firefox and Thunderbird File Extension Disclosure Vulnerability

April 29, 2025

CVE ID : CVE-2025-4086

Published : April 29, 2025, 2:15 p.m. | 1 hour, 48 minutes ago

Description : A specially crafted filename containing a large number of encoded newline characters could obscure the file’s extension when displayed in the download dialog.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4087 – “Firefox XPath Parsing Memory Corruption Vulnerability”

Next Article CVE-2025-4085 – Firefox UITour Actor Privilege Escalation

Highlights

CVE-2025-3853 – WordPress WPshop E-Commerce Plugin Insecure Direct Object Reference Vulnerability

May 6, 2025

CVE ID : CVE-2025-3853

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key() due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create valid API keys on behalf of other users.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

The 5 gadgets that got me through marathons and obstacle races (and why they work)

This beastly 500W charger replaced every other charger I had – with six ports to boot

Mac Mini won’t power on? Apple will fix it for you – for free

Why I’m switching to VS Code. Hint: It’s all about AI tool integration

From Concept to Code: Final Year PHP Projects with Reports for Smart Submissions

From Concept to Code: Final Year PHP Projects with Reports for Smart Submissions

Building Construction suppliers in India

Neutralinojs v6.1 released

Microsoft Edge’s Quiet Shift to AVIF: Why It Matters

Microsoft Edge’s Quiet Shift to AVIF: Why It Matters

Windows 11 test builds are accidentally playing the Windows Vista startup sound

Leaked: ROG Xbox Ally and Xbox Ally X pre-orders set for August, launch in October

CVE-2025-4086 – Mozilla Firefox and Thunderbird File Extension Disclosure Vulnerability

⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More

46,000+ Grafana Instances Exposed to Malicious Account Takeover Attacks

6 Best Free and Open Source Econometric Software

CVE-2025-5271 – Mozilla Firefox Content Security Policy Bypass

CVE-2025-43853 – “WAMR Symlink Following Vulnerability”

How to check apps draining the most battery on Windows 11

CVE-2025-3853 – WordPress WPshop E-Commerce Plugin Insecure Direct Object Reference Vulnerability

CVE-2025-5129 – Sangfor aTrust Directory Traversal Vulnerability

Microsoft Edge 135 is here with big new features, and even bigger changes

CVE-2025-39380 – Mojoomla Hospital Management System File Upload Vulnerability

CVE-2025-4086 – Mozilla Firefox and Thunderbird File Extension Disclosure Vulnerability

Related Posts