CVE-2025-5271

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 139

Description The issue involves previewing a response in Devtools ignoring CSP headers, potentially allowing content injection attacks.

Recommendations For versions prior to 139, update to version 139 or later to resolve the issue.

Fix

Improper Encoding or Escaping of Output

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

ALT-PU-2025-11100

ALT-PU-2025-11495

ALT-PU-2025-11497

ALT-PU-2025-14599

ALT-PU-2025-8611

ALT-PU-2025-8725

BDU:2025-06228

CVE-2025-5271

OPENSUSE-SU-2025:15196-1

USN-7991-1

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu