Search for vulnerabilities
Vulnerability details: VCID-g76u-agqq-eqca
Vulnerability ID VCID-g76u-agqq-eqca
Aliases CVE-2025-6429
Summary Thunderbird could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-706 Use of Incorrectly-Resolved Name or Reference
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6429.json
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-6429
cvssv3.1 6.5 https://bugzilla.mozilla.org/show_bug.cgi?id=1970658
ssvc Track https://bugzilla.mozilla.org/show_bug.cgi?id=1970658
cvssv3.1 4.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-51
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-53
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-54
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-55
cvssv3.1 6.5 https://www.mozilla.org/security/advisories/mfsa2025-51/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-51/
cvssv3.1 6.5 https://www.mozilla.org/security/advisories/mfsa2025-53/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-53/
cvssv3.1 6.5 https://www.mozilla.org/security/advisories/mfsa2025-54/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-54/
cvssv3.1 6.5 https://www.mozilla.org/security/advisories/mfsa2025-55/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-55/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6429.json
https://api.first.org/data/v1/epss?cve=CVE-2025-6429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6429
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2374561 https://bugzilla.redhat.com/show_bug.cgi?id=2374561
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
CVE-2025-6429 https://nvd.nist.gov/vuln/detail/CVE-2025-6429
mfsa2025-51 https://www.mozilla.org/en-US/security/advisories/mfsa2025-51
mfsa2025-51 https://www.mozilla.org/security/advisories/mfsa2025-51/
mfsa2025-53 https://www.mozilla.org/en-US/security/advisories/mfsa2025-53
mfsa2025-53 https://www.mozilla.org/security/advisories/mfsa2025-53/
mfsa2025-54 https://www.mozilla.org/en-US/security/advisories/mfsa2025-54
mfsa2025-54 https://www.mozilla.org/security/advisories/mfsa2025-54/
mfsa2025-55 https://www.mozilla.org/en-US/security/advisories/mfsa2025-55
mfsa2025-55 https://www.mozilla.org/security/advisories/mfsa2025-55/
RHSA-2025:10072 https://access.redhat.com/errata/RHSA-2025:10072
RHSA-2025:10073 https://access.redhat.com/errata/RHSA-2025:10073
RHSA-2025:10074 https://access.redhat.com/errata/RHSA-2025:10074
RHSA-2025:10159 https://access.redhat.com/errata/RHSA-2025:10159
RHSA-2025:10160 https://access.redhat.com/errata/RHSA-2025:10160
RHSA-2025:10161 https://access.redhat.com/errata/RHSA-2025:10161
RHSA-2025:10163 https://access.redhat.com/errata/RHSA-2025:10163
RHSA-2025:10164 https://access.redhat.com/errata/RHSA-2025:10164
RHSA-2025:10165 https://access.redhat.com/errata/RHSA-2025:10165
RHSA-2025:10166 https://access.redhat.com/errata/RHSA-2025:10166
RHSA-2025:10181 https://access.redhat.com/errata/RHSA-2025:10181
RHSA-2025:10182 https://access.redhat.com/errata/RHSA-2025:10182
RHSA-2025:10183 https://access.redhat.com/errata/RHSA-2025:10183
RHSA-2025:10184 https://access.redhat.com/errata/RHSA-2025:10184
RHSA-2025:10185 https://access.redhat.com/errata/RHSA-2025:10185
RHSA-2025:10186 https://access.redhat.com/errata/RHSA-2025:10186
RHSA-2025:10187 https://access.redhat.com/errata/RHSA-2025:10187
RHSA-2025:10188 https://access.redhat.com/errata/RHSA-2025:10188
RHSA-2025:10195 https://access.redhat.com/errata/RHSA-2025:10195
RHSA-2025:10196 https://access.redhat.com/errata/RHSA-2025:10196
RHSA-2025:10246 https://access.redhat.com/errata/RHSA-2025:10246
show_bug.cgi?id=1970658 https://bugzilla.mozilla.org/show_bug.cgi?id=1970658
USN-7663-1 https://usn.ubuntu.com/7663-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6429.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1970658
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:21Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1970658
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-51/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:21Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-51/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-53/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:21Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-53/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-54/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:21Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-54/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-55/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:21Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-55/
Exploit Prediction Scoring System (EPSS)
Percentile 0.212
EPSS Score 0.00067
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:09:23.000466+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2025/mfsa2025-55.yml 37.0.0