VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-gf4f-pq9k-kugc

Essentials
Severities (36)
References (41)
Severity details (19)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-gf4f-pq9k-kugc
Aliases	CVE-2025-6424
Summary	A use-after-free in FontFaceSet resulted in a potentially exploitable crash.
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

Use After Free

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6424.json
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
epss	0.001	https://api.first.org/data/v1/epss?cve=CVE-2025-6424
cvssv3.1	9.8	https://bugzilla.mozilla.org/show_bug.cgi?id=1966423
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1966423
cvssv3.1	8.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2025-51
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2025-52
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2025-53
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2025-54
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2025-55
cvssv3.1	9.8	https://www.mozilla.org/security/advisories/mfsa2025-51/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-51/
cvssv3.1	9.8	https://www.mozilla.org/security/advisories/mfsa2025-52/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-52/
cvssv3.1	9.8	https://www.mozilla.org/security/advisories/mfsa2025-53/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-53/
cvssv3.1	9.8	https://www.mozilla.org/security/advisories/mfsa2025-54/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-54/
cvssv3.1	9.8	https://www.mozilla.org/security/advisories/mfsa2025-55/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-55/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6424.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-6424
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6424
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2374559		https://bugzilla.redhat.com/show_bug.cgi?id=2374559
cpe:2.3:a:mozilla:firefox:::::-:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::-:::*
cpe:2.3:a:mozilla:firefox:::::esr:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::esr:::*
CVE-2025-6424		https://nvd.nist.gov/vuln/detail/CVE-2025-6424
mfsa2025-51		https://www.mozilla.org/en-US/security/advisories/mfsa2025-51
mfsa2025-51		https://www.mozilla.org/security/advisories/mfsa2025-51/
mfsa2025-52		https://www.mozilla.org/en-US/security/advisories/mfsa2025-52
mfsa2025-52		https://www.mozilla.org/security/advisories/mfsa2025-52/
mfsa2025-53		https://www.mozilla.org/en-US/security/advisories/mfsa2025-53
mfsa2025-53		https://www.mozilla.org/security/advisories/mfsa2025-53/
mfsa2025-54		https://www.mozilla.org/en-US/security/advisories/mfsa2025-54
mfsa2025-54		https://www.mozilla.org/security/advisories/mfsa2025-54/
mfsa2025-55		https://www.mozilla.org/en-US/security/advisories/mfsa2025-55
mfsa2025-55		https://www.mozilla.org/security/advisories/mfsa2025-55/
RHSA-2025:10072		https://access.redhat.com/errata/RHSA-2025:10072
RHSA-2025:10073		https://access.redhat.com/errata/RHSA-2025:10073
RHSA-2025:10074		https://access.redhat.com/errata/RHSA-2025:10074
RHSA-2025:10159		https://access.redhat.com/errata/RHSA-2025:10159
RHSA-2025:10160		https://access.redhat.com/errata/RHSA-2025:10160
RHSA-2025:10161		https://access.redhat.com/errata/RHSA-2025:10161
RHSA-2025:10163		https://access.redhat.com/errata/RHSA-2025:10163
RHSA-2025:10164		https://access.redhat.com/errata/RHSA-2025:10164
RHSA-2025:10165		https://access.redhat.com/errata/RHSA-2025:10165
RHSA-2025:10166		https://access.redhat.com/errata/RHSA-2025:10166
RHSA-2025:10181		https://access.redhat.com/errata/RHSA-2025:10181
RHSA-2025:10182		https://access.redhat.com/errata/RHSA-2025:10182
RHSA-2025:10183		https://access.redhat.com/errata/RHSA-2025:10183
RHSA-2025:10184		https://access.redhat.com/errata/RHSA-2025:10184
RHSA-2025:10185		https://access.redhat.com/errata/RHSA-2025:10185
RHSA-2025:10186		https://access.redhat.com/errata/RHSA-2025:10186
RHSA-2025:10187		https://access.redhat.com/errata/RHSA-2025:10187
RHSA-2025:10188		https://access.redhat.com/errata/RHSA-2025:10188
RHSA-2025:10195		https://access.redhat.com/errata/RHSA-2025:10195
RHSA-2025:10196		https://access.redhat.com/errata/RHSA-2025:10196
RHSA-2025:10246		https://access.redhat.com/errata/RHSA-2025:10246
show_bug.cgi?id=1966423		https://bugzilla.mozilla.org/show_bug.cgi?id=1966423
USN-7663-1		https://usn.ubuntu.com/7663-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6424.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1966423

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1966423

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-51/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-51/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-52/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-52/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-53/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-53/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-54/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-54/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-55/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-25T12:36:06Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-55/

Exploit Prediction Scoring System (EPSS)

Percentile	0.28578
EPSS Score	0.001
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:22.935778+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2025/mfsa2025-55.yml	37.0.0