PT-2025-26726 · Mozilla+10 · Firefox+10

Masato Kinugawa

·

Published

2025-06-24

·

Updated

2025-12-03

·

CVE-2025-6429

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Firefox ESR versions prior to 128.12
Description: The issue arises from incorrect URL parsing when handling an embed tag, potentially rewriting the URL to a specific domain, such as youtube.com, and bypassing security checks that restrict embedding from certain domains.
Recommendations: For Firefox versions prior to 140, update to version 140 or later. For Firefox ESR versions prior to 128.12, update to version 128.12 or later.

Fix

Improper Encoding or Escaping of Output

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-116

Related Identifiers

ALSA-2025:10072
ALSA-2025:10073
ALSA-2025:10074
ALSA-2025:10246
ALT-PU-2025-10542
ALT-PU-2025-11100
ALT-PU-2025-11495
ALT-PU-2025-11497
ALT-PU-2025-14599
ALT-PU-2025-8725
ALT-PU-2025-9988
BDU:2025-07728
CESA-2025_10074
CESA-2025_10246
CVE-2025-6429
DLA-4231-1
DLA-4239-1
DSA-5950-1
DSA-5959-1
INFSA-2025_10072
INFSA-2025_10074
INFSA-2025_10196
INFSA-2025_10246
MGASA-2025-0201
MGASA-2025-0228
OESA-2025-1717
OESA-2025-1718
OESA-2025-1719
OESA-2025-1720
OESA-2025-1782
OESA-2025-1912
OPENSUSE-SU-2025-20135-1
OPENSUSE-SU-2025:15216-1
OPENSUSE-SU-2025:15312-1
OPENSUSE-SU-2025:15315-1
OPENSUSE-SU-2025:15325-1
OPENSUSE-SU-2025:20135-1
RHSA-2025:10072
RHSA-2025:10073
RHSA-2025:10074
RHSA-2025:10159
RHSA-2025:10160
RHSA-2025:10161
RHSA-2025:10163
RHSA-2025:10164
RHSA-2025:10165
RHSA-2025:10166
RHSA-2025:10181
RHSA-2025:10182
RHSA-2025:10183
RHSA-2025:10184
RHSA-2025:10185
RHSA-2025:10186
RHSA-2025:10187
RHSA-2025:10188
RHSA-2025:10195
RHSA-2025:10196
RHSA-2025:10246
RHSA-2025_10072
RHSA-2025_10074
RHSA-2025_10196
RHSA-2025_10246
SUSE-SU-2025:02122-1
SUSE-SU-2025:02123-1
SUSE-SU-2025:02339-1
SUSE-SU-2025:02368-1
SUSE-SU-2025:02529-1
SUSE-SU-2025:02546-1
SUSE-SU-2025:21170-1
SUSE-SU-2025_02122-1
SUSE-SU-2025_02123-1
SUSE-SU-2025_02339-1
SUSE-SU-2025_02529-1
USN-7663-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Firefox
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu