Search for vulnerabilities
Vulnerability details: VCID-u11d-tfnz-gygu
Vulnerability ID VCID-u11d-tfnz-gygu
Aliases CVE-2025-1936
Summary firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-754 Improper Check for Unusual or Exceptional Conditions
System Score Found at
cvssv3 5.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1936.json
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00125 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00125 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00125 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00125 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00125 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2025-1936
cvssv3.1 7.3 https://bugzilla.mozilla.org/show_bug.cgi?id=1940027
ssvc Track https://bugzilla.mozilla.org/show_bug.cgi?id=1940027
cvssv3.1 5.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-14
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2025-16
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-17
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2025-18
cvssv3.1 7.3 https://www.mozilla.org/security/advisories/mfsa2025-14/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-14/
cvssv3.1 7.3 https://www.mozilla.org/security/advisories/mfsa2025-16/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-16/
cvssv3.1 7.3 https://www.mozilla.org/security/advisories/mfsa2025-17/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-17/
cvssv3.1 7.3 https://www.mozilla.org/security/advisories/mfsa2025-18/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-18/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1936.json
https://api.first.org/data/v1/epss?cve=CVE-2025-1936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1936
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2349797 https://bugzilla.redhat.com/show_bug.cgi?id=2349797
CVE-2025-1936 https://nvd.nist.gov/vuln/detail/CVE-2025-1936
GLSA-202505-02 https://security.gentoo.org/glsa/202505-02
GLSA-202505-03 https://security.gentoo.org/glsa/202505-03
GLSA-202505-08 https://security.gentoo.org/glsa/202505-08
mfsa2025-14 https://www.mozilla.org/en-US/security/advisories/mfsa2025-14
mfsa2025-14 https://www.mozilla.org/security/advisories/mfsa2025-14/
mfsa2025-16 https://www.mozilla.org/en-US/security/advisories/mfsa2025-16
mfsa2025-16 https://www.mozilla.org/security/advisories/mfsa2025-16/
mfsa2025-17 https://www.mozilla.org/en-US/security/advisories/mfsa2025-17
mfsa2025-17 https://www.mozilla.org/security/advisories/mfsa2025-17/
mfsa2025-18 https://www.mozilla.org/en-US/security/advisories/mfsa2025-18
mfsa2025-18 https://www.mozilla.org/security/advisories/mfsa2025-18/
RHSA-2025:2359 https://access.redhat.com/errata/RHSA-2025:2359
RHSA-2025:2452 https://access.redhat.com/errata/RHSA-2025:2452
RHSA-2025:2479 https://access.redhat.com/errata/RHSA-2025:2479
RHSA-2025:2480 https://access.redhat.com/errata/RHSA-2025:2480
RHSA-2025:2481 https://access.redhat.com/errata/RHSA-2025:2481
RHSA-2025:2484 https://access.redhat.com/errata/RHSA-2025:2484
RHSA-2025:2485 https://access.redhat.com/errata/RHSA-2025:2485
RHSA-2025:2486 https://access.redhat.com/errata/RHSA-2025:2486
RHSA-2025:2699 https://access.redhat.com/errata/RHSA-2025:2699
RHSA-2025:2708 https://access.redhat.com/errata/RHSA-2025:2708
show_bug.cgi?id=1940027 https://bugzilla.mozilla.org/show_bug.cgi?id=1940027
USN-7334-1 https://usn.ubuntu.com/7334-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1936.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1940027
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T17:55:09Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1940027
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://www.mozilla.org/security/advisories/mfsa2025-14/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T17:55:09Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-14/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://www.mozilla.org/security/advisories/mfsa2025-16/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T17:55:09Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-16/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://www.mozilla.org/security/advisories/mfsa2025-17/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T17:55:09Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-17/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://www.mozilla.org/security/advisories/mfsa2025-18/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T17:55:09Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-18/
Exploit Prediction Scoring System (EPSS)
Percentile 0.17257
EPSS Score 0.00105
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-03-28T05:42:01.815169+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1936.json 36.0.0