9.1

CVE-2025-6427

EPSS 0.32%
Veröffentlicht 24.06.2025 12:28:01
Zuletzt bearbeitet 13.04.2026 15:17:06
Quelle security@mozilla.org
CVE-Watchlists
Login
Unerledigt
Login

connect-src Content Security Policy restriction could be bypassed

An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox SwEdition- Version < 140.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.548

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://www.mozilla.org/security/advisories/mfsa2025-51/

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1966927

Permissions Required

https://www.mozilla.org/security/advisories/mfsa2025-54/

https://nvd.nist.gov/vuln/detail/CVE-2025-6427

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-6427

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-6427

EUVD