PT-2025-18155 · Mozilla+1 · Thunderbird+2

Hafiizh

Published

2025-04-29

Updated

2025-11-19

CVE-2025-4086

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Firefox for Android versions prior to 138 Thunderbird versions prior to 138

Description A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This issue affects Firefox for Android and Thunderbird.

Recommendations For Firefox for Android versions prior to 138, update to version 138 or later to resolve the issue. For Thunderbird versions prior to 138, update to version 138 or later to resolve the issue.

Fix

UI Misrepresentation of Critical Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-451

Related Identifiers

ALT-PU-2025-11100

ALT-PU-2025-14599

ALT-PU-2025-6353

ALT-PU-2025-6478

ALT-PU-2025-7695

ALT-PU-2025-7697

CVE-2025-4086

OPENSUSE-SU-2025:15045-1

Affected Products

Alt Linux

Firefox For Android

Thunderbird

PT-2025-18155 · Mozilla+1 · Thunderbird+2

CVE-2025-4086

Weakness Enumeration

Related Identifiers

Affected Products

References · 25