Base Score

HIGH7.1

CVE-2025-4085

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.

VectorNETWORK

Published Bysecurity@mozilla.org

Published DateApr 29, 2025, 14:15

Weakness Type (CWE):CWE-269

CVSS Metrics

Base Score

7.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

LOW

Availability (A)

NONE

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1915280
https://www.mozilla.org/security/advisories/mfsa2025-28/
https://www.mozilla.org/security/advisories/mfsa2025-31/

Base Score

HIGH7.1

Weakness Type (CWE):CWE-269

CVSS Metrics

Base Score

7.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

LOW

Availability (A)

NONE