CVE-2025-11713HIGH 8.1EPSS p24.6%

CVE-2025-11713CVE-2025-11713

Description

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS0.33% probability of exploitation · percentile 24.6% · 2026-06-19T12:03:05Z
Published2025-10-14
Last modified2026-04-13

Underlying weaknesses· 1

CWE-116

References

  1. https://bugzilla.mozilla.org/show_bug.cgi?id=1986142
  2. https://www.mozilla.org/security/advisories/mfsa2025-81/
  3. https://www.mozilla.org/security/advisories/mfsa2025-83/
  4. https://www.mozilla.org/security/advisories/mfsa2025-84/
  5. https://www.mozilla.org/security/advisories/mfsa2025-85/

1

TypeTargetConfidenceTier
WeaknessImproper Encoding or Escaping of Outputcwe-1160%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-8030
CVE
CVE-2025-11721
CVE
CVE-2025-11714
CVE
CVE-2025-13027
CVE
CVE-2025-11715
CVE
CVE-2025-13018
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.