CVE-2025-6427

CRITICAL

Firefox < 140 - CSRF

Title source: llm

Description

An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140.

References (3)

[Permissions Required] https://bugzilla.mozilla.org/show_bug.cgi?id=1966927

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2025-51/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2025-54/

Scores

CVSS v3 9.1

EPSS 0.0032

EPSS Percentile 54.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-693

Status published

Products (3)

mozilla/firefox < 140.0

Mozilla/Firefox 140

Mozilla/Thunderbird 140

Published Jun 24, 2025

Tracked Since Feb 18, 2026