CVE-2025-1936

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-1936
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1940027
https://www.mozilla.org/security/advisories/mfsa2025-14/
https://www.mozilla.org/security/advisories/mfsa2025-16/
https://www.mozilla.org/security/advisories/mfsa2025-17/
https://www.mozilla.org/security/advisories/mfsa2025-18/
Configurations

No configuration.

History

26 Mar 2025, 17:15

Type Values Removed Values Added
CWE CWE-158

25 Mar 2025, 18:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.3
Summary
  • (es) jar: las URL recuperan el contenido de un archivo local empaquetado en un archivo ZIP. El valor null y todo lo que le sigue se ignoran al recuperar el contenido del archivo, pero la extensión falsa que sigue al valor null se utiliza para determinar el tipo de contenido. Esto podría haberse utilizado para ocultar código en una extensión web camuflada en otra cosa, como una imagen. Esta vulnerabilidad afecta a Firefox &lt; 136, Firefox ESR &lt; 128.8, Thunderbird &lt; 136 y Thunderbird &lt; 128.8.

05 Mar 2025, 00:15

Type Values Removed Values Added
References
  • () https://www.mozilla.org/security/advisories/mfsa2025-17/ -
  • () https://www.mozilla.org/security/advisories/mfsa2025-18/ -
Summary (en) jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8. (en) jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

04 Mar 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-04 14:15

Updated : 2025-03-26 17:15

NVD link : CVE-2025-1936

Mitre link : CVE-2025-1936

CVE.ORG link : CVE-2025-1936

JSON object : View

Products Affected

No product.

CWE
CWE-158

Improper Neutralization of Null Byte or NUL Character