Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 138 and Thunderbird < 138.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Due to insufficient escaping of special characters in the copy as cURL feature, an attacker could trick     a user into using this command, potentially leading to local code execution on the user's system. This     vulnerability affects Firefox < 138 and Thunderbird < 138. (CVE-2025-4089)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a59bd59e-2e85-11f0-a989-b42e991fc52e advisory.

    security@mozilla.org reports:
    Due to insufficient escaping of special characters in the                 copy as cURL feature, an attacker could trick               a user into using this command, potentially leading to local               code execution on the user's system.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-33d579ecb1 advisory.

    - Update to latest upstream (138.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 138.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-31 advisory.

  - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-4091)

  - Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level     updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an     attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled     by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Thunderbird for     macOS. Other versions of Thunderbird are unaffected. (CVE-2025-4082)

  - A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - An attacker with control over a content process could potentially leverage the privileged UITour actor to     leak sensitive information or escalate privileges. (CVE-2025-4085)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 138.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-31 advisory.

  - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-4091)

  - Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level     updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an     attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled     by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Thunderbird for     macOS. Other versions of Thunderbird are unaffected. (CVE-2025-4082)

  - A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - An attacker with control over a content process could potentially leverage the privileged UITour actor to     leak sensitive information or escalate privileges. (CVE-2025-4085)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 138.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-28 advisory.

  - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-4091)

  - Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-     level updater by manipulating the file-locking behavior. By injecting code into the user-privileged     process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths     controlled by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS.
    Other versions of Firefox are unaffected. (CVE-2025-4082)

  - A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - An attacker with control over a content process could potentially leverage the privileged UITour actor to     leak sensitive information or escalate privileges. (CVE-2025-4085)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 138.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-28 advisory.

  - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-4091)

  - Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-     level updater by manipulating the file-locking behavior. By injecting code into the user-privileged     process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths     controlled by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS.
    Other versions of Firefox are unaffected. (CVE-2025-4082)

  - A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - An attacker with control over a content process could potentially leverage the privileged UITour actor to     leak sensitive information or escalate privileges. (CVE-2025-4085)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
245739	Linux Distros Unpatched Vulnerability : CVE-2025-4089	Nessus	Misc.	medium
235698	FreeBSD : Mozilla -- insufficient character escaping (a59bd59e-2e85-11f0-a989-b42e991fc52e)	Nessus	FreeBSD Local Security Checks	medium
235469	Fedora 41 : firefox (2025-33d579ecb1)	Nessus	Fedora Local Security Checks	critical
234927	Mozilla Thunderbird < 138.0	Nessus	MacOS X Local Security Checks	high
234926	Mozilla Thunderbird < 138.0	Nessus	Windows	high
234925	Mozilla Firefox < 138.0	Nessus	MacOS X Local Security Checks	high
234924	Mozilla Firefox < 138.0	Nessus	Windows	high

Detections

Analytics

CVE-2025-4089

medium

Tenable Plugins

medium

medium

critical

high

high

high

high