Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/firefox@140.0-1?distro=sid

Type deb

Namespace debian

Name firefox

Version 140.0-1

Qualifiers

distro	sid

Subpath

Is_vulnerable false

Next_non_vulnerable_version 141.0-1

Latest_non_vulnerable_version 150.0-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4hcr-7re3-rkhx

vulnerability_id VCID-4hcr-7re3-rkhx

summary An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6427.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6427.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6427

reference_id

reference_type

scores

value	0.0008
scoring_system	epss
scoring_elements	0.23893
published_at	2026-04-04T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23798
published_at	2026-04-09T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23751
published_at	2026-04-08T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23853
published_at	2026-04-02T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23681
published_at	2026-04-07T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24985
published_at	2026-04-18T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25075
published_at	2026-04-11T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24993
published_at	2026-04-16T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.2498
published_at	2026-04-13T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25035
published_at	2026-04-12T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.54802
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6427

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2374565
reference_id	2374565
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2374565

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_id

mfsa2025-51

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_id

mfsa2025-51

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T14:20:57Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_id

mfsa2025-54

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_id

mfsa2025-54

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T14:20:57Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1966927

reference_id

show_bug.cgi?id=1966927

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T14:20:57Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1966927

reference_url	https://usn.ubuntu.com/7991-1/
reference_id	USN-7991-1
reference_type
scores
url	https://usn.ubuntu.com/7991-1/

fixed_packages

url	pkg:deb/debian/firefox@140.0-1?distro=sid
purl	pkg:deb/debian/firefox@140.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@140.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2025-6427

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hcr-7re3-rkhx

url VCID-82f1-zb9f-qbg8

vulnerability_id VCID-82f1-zb9f-qbg8

summary If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6435.json

reference_id

reference_type

scores

value	3.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6435.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6435

reference_id

reference_type

scores

value	0.00128
scoring_system	epss
scoring_elements	0.32275
published_at	2026-04-09T12:55:00Z

value	0.00128
scoring_system	epss
scoring_elements	0.32337
published_at	2026-04-02T12:55:00Z

value	0.00128
scoring_system	epss
scoring_elements	0.32374
published_at	2026-04-04T12:55:00Z

value	0.00128
scoring_system	epss
scoring_elements	0.32198
published_at	2026-04-07T12:55:00Z

value	0.00128
scoring_system	epss
scoring_elements	0.32247
published_at	2026-04-08T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34075
published_at	2026-04-16T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34063
published_at	2026-04-18T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34105
published_at	2026-04-11T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34039
published_at	2026-04-13T12:55:00Z

value	0.00505
scoring_system	epss
scoring_elements	0.66246
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6435

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2374557
reference_id	2374557
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2374557

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_id

mfsa2025-51

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_id

mfsa2025-51

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-24T13:37:09Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_id

mfsa2025-54

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_id

mfsa2025-54

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-24T13:37:09Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1950056

reference_id

show_bug.cgi?id=1950056

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-24T13:37:09Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1950056

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1961777

reference_id

show_bug.cgi?id=1961777

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-24T13:37:09Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1961777

reference_url	https://usn.ubuntu.com/7991-1/
reference_id	USN-7991-1
reference_type
scores
url	https://usn.ubuntu.com/7991-1/

fixed_packages

url	pkg:deb/debian/firefox@140.0-1?distro=sid
purl	pkg:deb/debian/firefox@140.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@140.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2025-6435

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-82f1-zb9f-qbg8

url VCID-b8xy-bqk8-dyf5

vulnerability_id VCID-b8xy-bqk8-dyf5

summary Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6436.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6436.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6436

reference_id

reference_type

scores

value	0.0013
scoring_system	epss
scoring_elements	0.32582
published_at	2026-04-04T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32481
published_at	2026-04-09T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32454
published_at	2026-04-08T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32546
published_at	2026-04-02T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32406
published_at	2026-04-07T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34257
published_at	2026-04-18T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34299
published_at	2026-04-11T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.3427
published_at	2026-04-16T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34235
published_at	2026-04-13T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34258
published_at	2026-04-12T12:55:00Z

value	0.00511
scoring_system	epss
scoring_elements	0.66469
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6436

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2374554
reference_id	2374554
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2374554

reference_url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1941377%2C1960948%2C1966187%2C1966505%2C1970764%2C1942930

reference_id

buglist.cgi?bug_id=1941377%2C1960948%2C1966187%2C1966505%2C1970764%2C1942930

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T03:55:43Z/

url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1941377%2C1960948%2C1966187%2C1966505%2C1970764%2C1942930

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_id

mfsa2025-51

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_id

mfsa2025-51

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T03:55:43Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_id

mfsa2025-54

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_id

mfsa2025-54

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T03:55:43Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_url	https://usn.ubuntu.com/7991-1/
reference_id	USN-7991-1
reference_type
scores
url	https://usn.ubuntu.com/7991-1/

fixed_packages

url	pkg:deb/debian/firefox@140.0-1?distro=sid
purl	pkg:deb/debian/firefox@140.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@140.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2025-6436

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b8xy-bqk8-dyf5

url VCID-ewxs-dh9a-mugn

vulnerability_id VCID-ewxs-dh9a-mugn

summary When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6432.json

reference_id

reference_type

scores

value	3.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6432.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6432

reference_id

reference_type

scores

value	0.00105
scoring_system	epss
scoring_elements	0.28652
published_at	2026-04-04T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28562
published_at	2026-04-09T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28521
published_at	2026-04-08T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28608
published_at	2026-04-02T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28454
published_at	2026-04-07T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29878
published_at	2026-04-18T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29977
published_at	2026-04-11T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29898
published_at	2026-04-16T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29882
published_at	2026-04-13T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.2993
published_at	2026-04-12T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61504
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6432

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2374556
reference_id	2374556
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2374556

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_id

mfsa2025-51

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_id

mfsa2025-51

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:25:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_id

mfsa2025-54

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_id

mfsa2025-54

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:25:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1943804

reference_id

show_bug.cgi?id=1943804

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:25:47Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1943804

reference_url	https://usn.ubuntu.com/7991-1/
reference_id	USN-7991-1
reference_type
scores
url	https://usn.ubuntu.com/7991-1/

fixed_packages

url	pkg:deb/debian/firefox@140.0-1?distro=sid
purl	pkg:deb/debian/firefox@140.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@140.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2025-6432

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewxs-dh9a-mugn

url VCID-j6w1-yhc3-uqfw

vulnerability_id VCID-j6w1-yhc3-uqfw

summary An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6425.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6425.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6425

reference_id

reference_type

scores

value	0.00104
scoring_system	epss
scoring_elements	0.28614
published_at	2026-04-04T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.2857
published_at	2026-04-02T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28524
published_at	2026-04-09T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28483
published_at	2026-04-08T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28417
published_at	2026-04-07T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.299
published_at	2026-04-12T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29946
published_at	2026-04-11T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29847
published_at	2026-04-18T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29867
published_at	2026-04-16T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.2985
published_at	2026-04-13T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.6145
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6425

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6425
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6425

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2374562
reference_id	2374562
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2374562

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_id

mfsa2025-51

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_id

mfsa2025-51

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-52

reference_id

mfsa2025-52

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-52

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-52/

reference_id

mfsa2025-52

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-52/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-53

reference_id

mfsa2025-53

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-53

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-53/

reference_id

mfsa2025-53

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-53/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_id

mfsa2025-54

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_id

mfsa2025-54

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-55

reference_id

mfsa2025-55

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-55

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-55/

reference_id

mfsa2025-55

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-55/

reference_url	https://access.redhat.com/errata/RHSA-2025:10072
reference_id	RHSA-2025:10072
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10072

reference_url	https://access.redhat.com/errata/RHSA-2025:10073
reference_id	RHSA-2025:10073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10073

reference_url	https://access.redhat.com/errata/RHSA-2025:10074
reference_id	RHSA-2025:10074
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10074

reference_url	https://access.redhat.com/errata/RHSA-2025:10159
reference_id	RHSA-2025:10159
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10159

reference_url	https://access.redhat.com/errata/RHSA-2025:10160
reference_id	RHSA-2025:10160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10160

reference_url	https://access.redhat.com/errata/RHSA-2025:10161
reference_id	RHSA-2025:10161
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10161

reference_url	https://access.redhat.com/errata/RHSA-2025:10163
reference_id	RHSA-2025:10163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10163

reference_url	https://access.redhat.com/errata/RHSA-2025:10164
reference_id	RHSA-2025:10164
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10164

reference_url	https://access.redhat.com/errata/RHSA-2025:10165
reference_id	RHSA-2025:10165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10165

reference_url	https://access.redhat.com/errata/RHSA-2025:10166
reference_id	RHSA-2025:10166
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10166

reference_url	https://access.redhat.com/errata/RHSA-2025:10181
reference_id	RHSA-2025:10181
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10181

reference_url	https://access.redhat.com/errata/RHSA-2025:10182
reference_id	RHSA-2025:10182
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10182

reference_url	https://access.redhat.com/errata/RHSA-2025:10183
reference_id	RHSA-2025:10183
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10183

reference_url	https://access.redhat.com/errata/RHSA-2025:10184
reference_id	RHSA-2025:10184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10184

reference_url	https://access.redhat.com/errata/RHSA-2025:10185
reference_id	RHSA-2025:10185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10185

reference_url	https://access.redhat.com/errata/RHSA-2025:10186
reference_id	RHSA-2025:10186
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10186

reference_url	https://access.redhat.com/errata/RHSA-2025:10187
reference_id	RHSA-2025:10187
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10187

reference_url	https://access.redhat.com/errata/RHSA-2025:10188
reference_id	RHSA-2025:10188
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10188

reference_url	https://access.redhat.com/errata/RHSA-2025:10195
reference_id	RHSA-2025:10195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10195

reference_url	https://access.redhat.com/errata/RHSA-2025:10196
reference_id	RHSA-2025:10196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10196

reference_url	https://access.redhat.com/errata/RHSA-2025:10246
reference_id	RHSA-2025:10246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10246

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1717672

reference_id

show_bug.cgi?id=1717672

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1717672

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/firefox@140.0-1?distro=sid
purl	pkg:deb/debian/firefox@140.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@140.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2025-6425

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6w1-yhc3-uqfw

url VCID-mrb2-hz9y-4ufp

vulnerability_id VCID-mrb2-hz9y-4ufp

summary When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a <embed> or <object> tag, potentially making a website vulnerable to a cross-site scripting attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6430.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6430.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6430

reference_id

reference_type

scores

value	0.00094
scoring_system	epss
scoring_elements	0.26119
published_at	2026-04-07T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26308
published_at	2026-04-02T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26234
published_at	2026-04-09T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26186
published_at	2026-04-08T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26348
published_at	2026-04-04T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28055
published_at	2026-04-11T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27946
published_at	2026-04-18T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27964
published_at	2026-04-16T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27955
published_at	2026-04-13T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28013
published_at	2026-04-12T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.5884
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6430

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6430
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6430

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2374555
reference_id	2374555
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2374555

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_id

mfsa2025-51

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_id

mfsa2025-51

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:08Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-53

reference_id

mfsa2025-53

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-53

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-53/

reference_id

mfsa2025-53

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:08Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-53/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_id

mfsa2025-54

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_id

mfsa2025-54

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:08Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-55

reference_id

mfsa2025-55

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-55

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-55/

reference_id

mfsa2025-55

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:08Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-55/

reference_url	https://access.redhat.com/errata/RHSA-2025:10072
reference_id	RHSA-2025:10072
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10072

reference_url	https://access.redhat.com/errata/RHSA-2025:10073
reference_id	RHSA-2025:10073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10073

reference_url	https://access.redhat.com/errata/RHSA-2025:10074
reference_id	RHSA-2025:10074
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10074

reference_url	https://access.redhat.com/errata/RHSA-2025:10159
reference_id	RHSA-2025:10159
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10159

reference_url	https://access.redhat.com/errata/RHSA-2025:10160
reference_id	RHSA-2025:10160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10160

reference_url	https://access.redhat.com/errata/RHSA-2025:10161
reference_id	RHSA-2025:10161
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10161

reference_url	https://access.redhat.com/errata/RHSA-2025:10163
reference_id	RHSA-2025:10163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10163

reference_url	https://access.redhat.com/errata/RHSA-2025:10164
reference_id	RHSA-2025:10164
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10164

reference_url	https://access.redhat.com/errata/RHSA-2025:10165
reference_id	RHSA-2025:10165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10165

reference_url	https://access.redhat.com/errata/RHSA-2025:10166
reference_id	RHSA-2025:10166
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10166

reference_url	https://access.redhat.com/errata/RHSA-2025:10181
reference_id	RHSA-2025:10181
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10181

reference_url	https://access.redhat.com/errata/RHSA-2025:10182
reference_id	RHSA-2025:10182
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10182

reference_url	https://access.redhat.com/errata/RHSA-2025:10183
reference_id	RHSA-2025:10183
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10183

reference_url	https://access.redhat.com/errata/RHSA-2025:10184
reference_id	RHSA-2025:10184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10184

reference_url	https://access.redhat.com/errata/RHSA-2025:10185
reference_id	RHSA-2025:10185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10185

reference_url	https://access.redhat.com/errata/RHSA-2025:10186
reference_id	RHSA-2025:10186
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10186

reference_url	https://access.redhat.com/errata/RHSA-2025:10187
reference_id	RHSA-2025:10187
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10187

reference_url	https://access.redhat.com/errata/RHSA-2025:10188
reference_id	RHSA-2025:10188
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10188

reference_url	https://access.redhat.com/errata/RHSA-2025:10195
reference_id	RHSA-2025:10195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10195

reference_url	https://access.redhat.com/errata/RHSA-2025:10196
reference_id	RHSA-2025:10196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10196

reference_url	https://access.redhat.com/errata/RHSA-2025:10246
reference_id	RHSA-2025:10246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10246

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1971140

reference_id

show_bug.cgi?id=1971140

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:08Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1971140

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/firefox@140.0-1?distro=sid
purl	pkg:deb/debian/firefox@140.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@140.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2025-6430

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mrb2-hz9y-4ufp

url VCID-r29z-4m4j-8kft

vulnerability_id VCID-r29z-4m4j-8kft

summary A use-after-free in FontFaceSet resulted in a potentially exploitable crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6424.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6424.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6424

reference_id

reference_type

scores

value	0.00282
scoring_system	epss
scoring_elements	0.51534
published_at	2026-04-04T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51508
published_at	2026-04-02T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51545
published_at	2026-04-09T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51548
published_at	2026-04-08T12:55:00Z

value	0.00282
scoring_system	epss
scoring_elements	0.51495
published_at	2026-04-07T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53808
published_at	2026-04-12T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53825
published_at	2026-04-11T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53833
published_at	2026-04-18T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53829
published_at	2026-04-16T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53792
published_at	2026-04-13T12:55:00Z

value	0.01103
scoring_system	epss
scoring_elements	0.78099
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6424

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6424
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6424

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2374559
reference_id	2374559
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2374559

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_id

mfsa2025-51

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_id

mfsa2025-51

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-52

reference_id

mfsa2025-52

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-52

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-52/

reference_id

mfsa2025-52

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-52/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-53

reference_id

mfsa2025-53

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-53

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-53/

reference_id

mfsa2025-53

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-53/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_id

mfsa2025-54

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_id

mfsa2025-54

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-55

reference_id

mfsa2025-55

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-55

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-55/

reference_id

mfsa2025-55

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-55/

reference_url	https://access.redhat.com/errata/RHSA-2025:10072
reference_id	RHSA-2025:10072
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10072

reference_url	https://access.redhat.com/errata/RHSA-2025:10073
reference_id	RHSA-2025:10073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10073

reference_url	https://access.redhat.com/errata/RHSA-2025:10074
reference_id	RHSA-2025:10074
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10074

reference_url	https://access.redhat.com/errata/RHSA-2025:10159
reference_id	RHSA-2025:10159
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10159

reference_url	https://access.redhat.com/errata/RHSA-2025:10160
reference_id	RHSA-2025:10160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10160

reference_url	https://access.redhat.com/errata/RHSA-2025:10161
reference_id	RHSA-2025:10161
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10161

reference_url	https://access.redhat.com/errata/RHSA-2025:10163
reference_id	RHSA-2025:10163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10163

reference_url	https://access.redhat.com/errata/RHSA-2025:10164
reference_id	RHSA-2025:10164
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10164

reference_url	https://access.redhat.com/errata/RHSA-2025:10165
reference_id	RHSA-2025:10165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10165

reference_url	https://access.redhat.com/errata/RHSA-2025:10166
reference_id	RHSA-2025:10166
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10166

reference_url	https://access.redhat.com/errata/RHSA-2025:10181
reference_id	RHSA-2025:10181
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10181

reference_url	https://access.redhat.com/errata/RHSA-2025:10182
reference_id	RHSA-2025:10182
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10182

reference_url	https://access.redhat.com/errata/RHSA-2025:10183
reference_id	RHSA-2025:10183
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10183

reference_url	https://access.redhat.com/errata/RHSA-2025:10184
reference_id	RHSA-2025:10184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10184

reference_url	https://access.redhat.com/errata/RHSA-2025:10185
reference_id	RHSA-2025:10185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10185

reference_url	https://access.redhat.com/errata/RHSA-2025:10186
reference_id	RHSA-2025:10186
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10186

reference_url	https://access.redhat.com/errata/RHSA-2025:10187
reference_id	RHSA-2025:10187
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10187

reference_url	https://access.redhat.com/errata/RHSA-2025:10188
reference_id	RHSA-2025:10188
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10188

reference_url	https://access.redhat.com/errata/RHSA-2025:10195
reference_id	RHSA-2025:10195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10195

reference_url	https://access.redhat.com/errata/RHSA-2025:10196
reference_id	RHSA-2025:10196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10196

reference_url	https://access.redhat.com/errata/RHSA-2025:10246
reference_id	RHSA-2025:10246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10246

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1966423

reference_id

show_bug.cgi?id=1966423

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1966423

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/firefox@140.0-1?distro=sid
purl	pkg:deb/debian/firefox@140.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@140.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2025-6424

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r29z-4m4j-8kft

url VCID-s89g-7f5f-5qd2

vulnerability_id VCID-s89g-7f5f-5qd2

summary Thunderbird could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6429.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6429.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6429

reference_id

reference_type

scores

value	0.00109
scoring_system	epss
scoring_elements	0.29245
published_at	2026-04-07T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29383
published_at	2026-04-02T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.2935
published_at	2026-04-09T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29309
published_at	2026-04-08T12:55:00Z

value	0.00109
scoring_system	epss
scoring_elements	0.29432
published_at	2026-04-04T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30853
published_at	2026-04-11T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30771
published_at	2026-04-18T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30791
published_at	2026-04-16T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30764
published_at	2026-04-13T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30809
published_at	2026-04-12T12:55:00Z

value	0.00431
scoring_system	epss
scoring_elements	0.62651
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6429

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6429
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6429

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2374561
reference_id	2374561
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2374561

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_id

mfsa2025-51

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_id

mfsa2025-51

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:21Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-53

reference_id

mfsa2025-53

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-53

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-53/

reference_id

mfsa2025-53

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:21Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-53/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_id

mfsa2025-54

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_id

mfsa2025-54

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:21Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-55

reference_id

mfsa2025-55

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-55

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-55/

reference_id

mfsa2025-55

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:21Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-55/

reference_url	https://access.redhat.com/errata/RHSA-2025:10072
reference_id	RHSA-2025:10072
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10072

reference_url	https://access.redhat.com/errata/RHSA-2025:10073
reference_id	RHSA-2025:10073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10073

reference_url	https://access.redhat.com/errata/RHSA-2025:10074
reference_id	RHSA-2025:10074
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10074

reference_url	https://access.redhat.com/errata/RHSA-2025:10159
reference_id	RHSA-2025:10159
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10159

reference_url	https://access.redhat.com/errata/RHSA-2025:10160
reference_id	RHSA-2025:10160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10160

reference_url	https://access.redhat.com/errata/RHSA-2025:10161
reference_id	RHSA-2025:10161
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10161

reference_url	https://access.redhat.com/errata/RHSA-2025:10163
reference_id	RHSA-2025:10163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10163

reference_url	https://access.redhat.com/errata/RHSA-2025:10164
reference_id	RHSA-2025:10164
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10164

reference_url	https://access.redhat.com/errata/RHSA-2025:10165
reference_id	RHSA-2025:10165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10165

reference_url	https://access.redhat.com/errata/RHSA-2025:10166
reference_id	RHSA-2025:10166
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10166

reference_url	https://access.redhat.com/errata/RHSA-2025:10181
reference_id	RHSA-2025:10181
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10181

reference_url	https://access.redhat.com/errata/RHSA-2025:10182
reference_id	RHSA-2025:10182
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10182

reference_url	https://access.redhat.com/errata/RHSA-2025:10183
reference_id	RHSA-2025:10183
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10183

reference_url	https://access.redhat.com/errata/RHSA-2025:10184
reference_id	RHSA-2025:10184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10184

reference_url	https://access.redhat.com/errata/RHSA-2025:10185
reference_id	RHSA-2025:10185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10185

reference_url	https://access.redhat.com/errata/RHSA-2025:10186
reference_id	RHSA-2025:10186
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10186

reference_url	https://access.redhat.com/errata/RHSA-2025:10187
reference_id	RHSA-2025:10187
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10187

reference_url	https://access.redhat.com/errata/RHSA-2025:10188
reference_id	RHSA-2025:10188
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10188

reference_url	https://access.redhat.com/errata/RHSA-2025:10195
reference_id	RHSA-2025:10195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10195

reference_url	https://access.redhat.com/errata/RHSA-2025:10196
reference_id	RHSA-2025:10196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10196

reference_url	https://access.redhat.com/errata/RHSA-2025:10246
reference_id	RHSA-2025:10246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10246

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1970658

reference_id

show_bug.cgi?id=1970658

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:21Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1970658

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/firefox@140.0-1?distro=sid
purl	pkg:deb/debian/firefox@140.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@140.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2025-6429

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s89g-7f5f-5qd2

url VCID-t1h3-cabw-cyc2

vulnerability_id VCID-t1h3-cabw-cyc2

summary The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6434.json

reference_id

reference_type

scores

value	3.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6434.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6434

reference_id

reference_type

scores

value	0.00043
scoring_system	epss
scoring_elements	0.13466
published_at	2026-04-04T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13394
published_at	2026-04-09T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13344
published_at	2026-04-08T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13401
published_at	2026-04-02T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13261
published_at	2026-04-07T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14363
published_at	2026-04-18T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14569
published_at	2026-04-11T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14364
published_at	2026-04-16T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14472
published_at	2026-04-13T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.1453
published_at	2026-04-12T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38287
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6434

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2374566
reference_id	2374566
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2374566

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_id

mfsa2025-51

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_id

mfsa2025-51

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:20:21Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_id

mfsa2025-54

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_id

mfsa2025-54

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:20:21Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1955182

reference_id

show_bug.cgi?id=1955182

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:20:21Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1955182

reference_url	https://usn.ubuntu.com/7991-1/
reference_id	USN-7991-1
reference_type
scores
url	https://usn.ubuntu.com/7991-1/

fixed_packages

url	pkg:deb/debian/firefox@140.0-1?distro=sid
purl	pkg:deb/debian/firefox@140.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@140.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2025-6434

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t1h3-cabw-cyc2

url VCID-zv75-mvuu-fka9

vulnerability_id VCID-zv75-mvuu-fka9

summary If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors".

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6433.json

reference_id

reference_type

scores

value	3.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6433.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6433

reference_id

reference_type

scores

value	0.00058
scoring_system	epss
scoring_elements	0.18447
published_at	2026-04-04T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18289
published_at	2026-04-09T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18235
published_at	2026-04-08T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18392
published_at	2026-04-02T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.1815
published_at	2026-04-07T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19565
published_at	2026-04-18T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19688
published_at	2026-04-11T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19558
published_at	2026-04-16T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.1958
published_at	2026-04-13T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19639
published_at	2026-04-12T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40809
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6433

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2374567
reference_id	2374567
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2374567

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_id

mfsa2025-51

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-51

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_id

mfsa2025-51

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:31:56Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-51/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_id

mfsa2025-54

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-54

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_id

mfsa2025-54

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:31:56Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-54/

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1954033

reference_id

show_bug.cgi?id=1954033

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:31:56Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1954033

reference_url	https://usn.ubuntu.com/7991-1/
reference_id	USN-7991-1
reference_type
scores
url	https://usn.ubuntu.com/7991-1/

fixed_packages

url	pkg:deb/debian/firefox@140.0-1?distro=sid
purl	pkg:deb/debian/firefox@140.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@140.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2025-6433

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zv75-mvuu-fka9

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@140.0-1%3Fdistro=sid

Package Instance