CVE-2025-6432

Опубликовано: 24 июн. 2025

Источник: redhat

CVSS3: 3.4

EPSS Низкий

Описание

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140 and Thunderbird < 140.

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	firefox	Not affected
Red Hat Enterprise Linux 10	rhel10/firefox-flatpak	Not affected
Red Hat Enterprise Linux 6	firefox	Not affected
Red Hat Enterprise Linux 7	firefox	Not affected
Red Hat Enterprise Linux 8	firefox	Not affected
Red Hat Enterprise Linux 9	firefox	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

https://bugzilla.redhat.com/show_bug.cgi?id=2374556firefox: DNS Requests leaked outside of a configured SOCKS proxy

EPSS

Процентиль: 29%

0.00105

Низкий

3.4 Low

CVSS3

Связанные уязвимости

CVE-2025-6432

CVSS3: 8.6

ubuntu

10 месяцев назад

CVE-2025-6432

CVSS3: 8.6

nvd

10 месяцев назад

CVE-2025-6432

CVSS3: 8.6

debian

10 месяцев назад

When Multi-Account Containers was enabled, DNS requests could have byp ...

GHSA-43h2-r954-f6w6

CVSS3: 8.6

github

9 месяцев назад

BDU:2025-08992

CVSS3: 8.6

fstec

10 месяцев назад

Уязвимость функции Multi-Account Container браузера Mozilla Firefox, позволяющая нарушителю обойти существующие ограничения безопасности прокси-сервера SOCKS и раскрыть защищаемую информацию

EPSS

Процентиль: 29%

0.00105

Низкий

3.4 Low

CVSS3