CVE-2025-6435 | THREATINT

Description

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the `.download` file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and Thunderbird 140.

PUBLISHED Reserved 2025-06-20 | Published 2025-06-24 | Updated 2026-04-13 | Assigner mozilla

Product status

140 (rpm)

unaffected

140 (rpm)

unaffected

Credits

Ameen Basha M K

References

bugzilla.mozilla.org/show_bug.cgi?id=1950056

bugzilla.mozilla.org/show_bug.cgi?id=1961777

www.mozilla.org/security/advisories/mfsa2025-51/

www.mozilla.org/security/advisories/mfsa2025-54/

cve.org (CVE-2025-6435)

nvd.nist.gov (CVE-2025-6435)

Download JSON