← Back to CVE List
CVE-2025-3033
After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded.
*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 137 and Thunderbird < 137.
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt