Home

CVE-2025-3033

Description

After selecting a malicious Windows .url shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

Risk Information

Base Score
7.7
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.076

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in Mozilla Firefox (137.0)Windows
Multiple vulnerabilities are fixed in Mozilla Firefox (x64) (137.0)Windows
Multiple vulnerabilities are fixed in Mozilla Thunderbird (137.0)Windows
Multiple vulnerabilities are fixed in Mozilla Thunderbird (x64) (137.0)Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 136.99Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 136.99Windows
Multiple Vulnerabilities are affected in Mozilla Thunderbird 136.99Windows
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (137.0)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (137.0.1)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (137.0.2)Mac
Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac 137Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-346690Mozilla Firefox (137.0)
PATCH-346691Mozilla Firefox (x64) (137.0)
PATCH-346735Mozilla Thunderbird (137.0)
PATCH-346736Mozilla Thunderbird (x64) (137.0)
PATCH-351030Mozilla Firefox (x64) (142.0.1)
PATCH-351029Mozilla Firefox (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611807Mozilla Thunderbird For Mac (142.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234