Description
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.
INFO
Published Date :
2025-06-24T12:28:00.819Z
Last Modified :
2026-04-13T14:30:42.931Z
Source :
mozilla
AFFECTED PRODUCTS
The following products are affected by CVE-2025-6429 vulnerability.
| Vendors | Products |
|---|---|
| Mozilla |
|
| Redhat |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2025-6429.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact