ГлавнаяУязвимости → CVE-2025-4085
7.1высокая

CVE-2025-4085

→ есть в БДУ: BDU:2025-11979 (на русском)
Описание (на английском; русское — в БДУ выше)

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

Затрагиваемое ПО
Mozilla FirefoxMozilla Thunderbird
CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Источники
https://bugzilla.mozilla.org/show_bug.cgi?id=1915280https://www.mozilla.org/security/advisories/mfsa2025-28/https://www.mozilla.org/security/advisories/mfsa2025-31/