CVE-2025-3033

HIGH Year: 2025
CVSS v3 Score
7.7
High
Weakness Type
CWE-73
View all →

Vulnerability Description

After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 137 and Thunderbird < 137.

Related Vulnerabilities

CVE-2024-33671

HIGH
CVSS:7.7(High)

An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected ...

CWE-732024

CVE-2020-15264

HIGH
CVSS:7.8(High)

The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged user...

CWE-732020

CVE-2020-1984

HIGH
CVSS:7.8(High)

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system priv...

CWE-732020

CVE-2021-22539

HIGH
CVSS:7.8(High)

An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As ...

CWE-732021

CVE-2022-34669

HIGH
CVSS:7.8(High)

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the appl...

CWE-732022