CVE-2025-6429

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-6429
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-6429.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-6429
Downstream
Related
Published
2025-06-24T13:15:23Z
Modified
2025-08-09T20:01:26Z
Summary
[none]
Details

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

References

Affected packages