Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-6425

Опубликовано: 24 июн. 2025
Источник: nvd
CVSS3: 4.3
EPSS Низкий

Описание

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Версия до 115.25.0 (исключая)
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
Версия до 140.0 (исключая)
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Версия от 116.0 (включая) до 128.12.0 (исключая)

EPSS

Процентиль: 20%
0.00064
Низкий

4.3 Medium

CVSS3

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2025-6425

CVSS3: 4.3
ubuntu
27 дней назад

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

redhat логотип

CVE-2025-6425

CVSS3: 6.1
redhat
27 дней назад

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

debian логотип

CVE-2025-6425

CVSS3: 4.3
debian
27 дней назад

An attacker who enumerated resources from the WebCompat extension coul ...

github логотип

GHSA-2h3c-qrcw-962q

CVSS3: 4.3
github
25 дней назад

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.

fstec логотип

BDU:2025-07724

CVSS3: 4.3
fstec
28 дней назад

Уязвимость расширения WebCompat браузеров Mozilla Firefox, Firefox ESR, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 20%
0.00064
Низкий

4.3 Medium

CVSS3

Дефекты

CWE-200