Логотип exploitDog
bind:"CVE-2025-6424" OR bind:"CVE-2025-6425" OR bind:"CVE-2025-6429" OR bind:"CVE-2025-6430"
Консоль
Логотип exploitDog

exploitDog

bind:"CVE-2025-6424" OR bind:"CVE-2025-6425" OR bind:"CVE-2025-6429" OR bind:"CVE-2025-6430"

Количество 37

Количество 37

redhat логотип

CVE-2025-6425

около 1 месяца назад

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.1
EPSS: Низкий
nvd логотип

CVE-2025-6425

около 1 месяца назад

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 4.3
EPSS: Низкий
debian логотип

CVE-2025-6425

около 1 месяца назад

An attacker who enumerated resources from the WebCompat extension coul ...

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2h3c-qrcw-962q

около 1 месяца назад

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.

CVSS3: 4.3
EPSS: Низкий
fstec логотип

BDU:2025-07724

около 1 месяца назад

Уязвимость расширения WebCompat браузеров Mozilla Firefox, Firefox ESR, позволяющая нарушителю раскрыть защищаемую информацию

CVSS3: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2025-6430

около 1 месяца назад

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `&lt;embed&gt;` or `&lt;object&gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.1
EPSS: Низкий
redhat логотип

CVE-2025-6430

около 1 месяца назад

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `&lt;embed&gt;` or `&lt;object&gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.1
EPSS: Низкий
nvd логотип

CVE-2025-6430

около 1 месяца назад

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `&lt;embed&gt;` or `&lt;object&gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.1
EPSS: Низкий
debian логотип

CVE-2025-6430

около 1 месяца назад

When a file download is specified via the `Content-Disposition` header ...

CVSS3: 6.1
EPSS: Низкий
ubuntu логотип

CVE-2025-6429

около 1 месяца назад

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.5
EPSS: Низкий
redhat логотип

CVE-2025-6429

около 1 месяца назад

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.1
EPSS: Низкий
nvd логотип

CVE-2025-6429

около 1 месяца назад

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.5
EPSS: Низкий
debian логотип

CVE-2025-6429

около 1 месяца назад

Firefox could have incorrectly parsed a URL and rewritten it to the yo ...

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-fvqv-c5hj-jcrp

около 1 месяца назад

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `&lt;embed&gt;` or `&lt;object&gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-8r38-4g4q-hgvw

около 1 месяца назад

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.

CVSS3: 6.5
EPSS: Низкий
fstec логотип

BDU:2025-07728

около 1 месяца назад

Уязвимость браузеров Mozilla Firefox, Firefox ESR, связанная с неправильным кодированием или экранированием выходных данных, позволяющая нарушителю обойти существующие ограничения безопасности и перенаправить пользователя на другой веб-сайт

CVSS3: 6.5
EPSS: Низкий
fstec логотип

BDU:2025-07582

около 1 месяца назад

Уязвимость компонента HTTP Header Handler браузеров Mozilla Firefox, Firefox ESR, позволяющая нарушителю проводить межсайтовые сценарные атаки (XSS)

CVSS3: 6.1
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
redhat логотип
CVE-2025-6425

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.1
0%
Низкий
около 1 месяца назад
nvd логотип
CVE-2025-6425

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 4.3
0%
Низкий
около 1 месяца назад
debian логотип
CVE-2025-6425

An attacker who enumerated resources from the WebCompat extension coul ...

CVSS3: 4.3
0%
Низкий
около 1 месяца назад
github логотип
GHSA-2h3c-qrcw-962q

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.

CVSS3: 4.3
0%
Низкий
около 1 месяца назад
fstec логотип
BDU:2025-07724

Уязвимость расширения WebCompat браузеров Mozilla Firefox, Firefox ESR, позволяющая нарушителю раскрыть защищаемую информацию

CVSS3: 4.3
0%
Низкий
около 1 месяца назад
ubuntu логотип
CVE-2025-6430

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `&lt;embed&gt;` or `&lt;object&gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.1
0%
Низкий
около 1 месяца назад
redhat логотип
CVE-2025-6430

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `&lt;embed&gt;` or `&lt;object&gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.1
0%
Низкий
около 1 месяца назад
nvd логотип
CVE-2025-6430

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `&lt;embed&gt;` or `&lt;object&gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.1
0%
Низкий
около 1 месяца назад
debian логотип
CVE-2025-6430

When a file download is specified via the `Content-Disposition` header ...

CVSS3: 6.1
0%
Низкий
около 1 месяца назад
ubuntu логотип
CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.5
0%
Низкий
около 1 месяца назад
redhat логотип
CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.1
0%
Низкий
около 1 месяца назад
nvd логотип
CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

CVSS3: 6.5
0%
Низкий
около 1 месяца назад
debian логотип
CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the yo ...

CVSS3: 6.5
0%
Низкий
около 1 месяца назад
github логотип
GHSA-fvqv-c5hj-jcrp

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `&lt;embed&gt;` or `&lt;object&gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.

CVSS3: 6.1
0%
Низкий
около 1 месяца назад
github логотип
GHSA-8r38-4g4q-hgvw

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.

CVSS3: 6.5
0%
Низкий
около 1 месяца назад
fstec логотип
BDU:2025-07728

Уязвимость браузеров Mozilla Firefox, Firefox ESR, связанная с неправильным кодированием или экранированием выходных данных, позволяющая нарушителю обойти существующие ограничения безопасности и перенаправить пользователя на другой веб-сайт

CVSS3: 6.5
0%
Низкий
около 1 месяца назад
fstec логотип
BDU:2025-07582

Уязвимость компонента HTTP Header Handler браузеров Mozilla Firefox, Firefox ESR, позволяющая нарушителю проводить межсайтовые сценарные атаки (XSS)

CVSS3: 6.1
0%
Низкий
около 1 месяца назад

Уязвимостей на страницу