PT-2025-26722 · Mozilla+12 · Firefox+12

Rob Wu

·

Published

2025-06-24

·

Updated

2025-12-03

·

CVE-2025-6425

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Firefox ESR versions prior to 115.25 Firefox ESR versions prior to 128.12
Description: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser. This UUID persisted between containers and normal/private browsing mode, but not profiles.
Recommendations: For Firefox versions prior to 140, update to version 140 or later. For Firefox ESR versions prior to 115.25, update to version 115.25 or later. For Firefox ESR versions prior to 128.12, update to version 128.12 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALSA-2025:10072
ALSA-2025:10073
ALSA-2025:10074
ALSA-2025:10246
ALT-PU-2025-11100
ALT-PU-2025-11495
ALT-PU-2025-11497
ALT-PU-2025-14599
ALT-PU-2025-8725
ALT-PU-2025-9988
BDU:2025-07724
CESA-2025_10074
CESA-2025_10246
CVE-2025-6425
DLA-4231-1
DLA-4239-1
DSA-5950-1
DSA-5959-1
INFSA-2025_10072
INFSA-2025_10074
INFSA-2025_10196
INFSA-2025_10246
MGASA-2025-0201
MGASA-2025-0228
OESA-2025-1717
OESA-2025-1718
OESA-2025-1719
OESA-2025-1720
OESA-2025-1782
OESA-2025-1912
OPENSUSE-SU-2025-20135-1
OPENSUSE-SU-2025:15216-1
OPENSUSE-SU-2025:15312-1
OPENSUSE-SU-2025:15315-1
OPENSUSE-SU-2025:15325-1
OPENSUSE-SU-2025:20135-1
RHSA-2025:10072
RHSA-2025:10073
RHSA-2025:10074
RHSA-2025:10159
RHSA-2025:10160
RHSA-2025:10161
RHSA-2025:10163
RHSA-2025:10164
RHSA-2025:10165
RHSA-2025:10166
RHSA-2025:10181
RHSA-2025:10182
RHSA-2025:10183
RHSA-2025:10184
RHSA-2025:10185
RHSA-2025:10186
RHSA-2025:10187
RHSA-2025:10188
RHSA-2025:10195
RHSA-2025:10196
RHSA-2025:10246
RHSA-2025_10072
RHSA-2025_10074
RHSA-2025_10196
RHSA-2025_10246
SUSE-SU-2025:02122-1
SUSE-SU-2025:02123-1
SUSE-SU-2025:02339-1
SUSE-SU-2025:02368-1
SUSE-SU-2025:02529-1
SUSE-SU-2025:02546-1
SUSE-SU-2025:21170-1
SUSE-SU-2025_02122-1
SUSE-SU-2025_02123-1
SUSE-SU-2025_02339-1
SUSE-SU-2025_02529-1
USN-7663-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Firefox
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Webcompat