CVE-2025-6429
24.06.2025, 13:15
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.Enginsight
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 < 128.12.0 |
| mozilla | firefox | 𝑥 < 140.0 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||
| firefox-esr |
| ||||||||||||||
| thunderbird |
|
Ubuntu Releases
Ubuntu Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||
| thunderbird |
| ||||||||||||
| mozjs38 |
| ||||||||||||
| mozjs52 |
| ||||||||||||
| mozjs68 |
| ||||||||||||
| mozjs78 |
| ||||||||||||
| mozjs91 |
| ||||||||||||
| mozjs102 |
| ||||||||||||
| mozjs115 |
|