#VU111887 Insufficient UI Warning of Dangerous Operations in Firefox ESR and Mozilla Firefox - CVE-2025-6426

 


Published: June 24, 2025


Vulnerability identifier: #VU111887
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-6426
CWE-ID: CWE-357
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Firefox ESR
Mozilla Firefox
Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists because no warning is shown when opening an executable file with the terminal extension on macOS. A remote attacker can trick the victim into executing an executable file and compromise the affected system.

Note, the vulnerability affects macOS installations only. 


Remediation

Install updates from the vendor's website.
