CVE-2025-6426: Insufficient Verification of Data Authenticity in Mozilla Firefox

Severity
8.8 HIGH (NVD)
EPSS
0.0%
top 86.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 24
Latest update: Jul 22

Description

The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: mozilla/firefox < 128.12.0+1
Ubuntu: mozilla/thunderbird < 1:128.12.0+build1-0ubuntu0.22.04.1

Vulnerability Details (3)

GHSA
GHSA-9x34-3cq7-4hf6: The executable file warning did not warn users before opening files with the `terminal` extension (2025-06-26)
CVEList
No warning when opening executable terminal files on macOS (2025-06-24)
OSV
CVE-2025-6426: The executable file warning did not warn users before opening files with the `terminal` extension (2025-06-24)

Vendor Advisories (7)

Ubuntu
Thunderbird vulnerabilities (2025-07-22)
Red Hat
firefox: thunderbird: No warning when opening executable terminal files on macOS (2025-06-24)
Debian
CVE-2025-6426: firefox - The executable file warning did not warn users before opening files with the `te... (2025)
Mozilla
Mozilla Foundation Security Advisory 2025-53: CVE-2025-6426
Mozilla
Mozilla Foundation Security Advisory 2025-54: CVE-2025-6426