Content Injection Vulnerability in Firefox by Mozilla
CVE-2025-5271

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 27 May 2025

What is CVE-2025-5271?

A vulnerability exists in older versions of Firefox where the Developer Tools fail to honor Content Security Policy (CSP) headers during response previews. This oversight may lead to the potential for content injection attacks, allowing malicious actors to execute unauthorized scripts or manipulate content. Affected users should update to the latest version of Firefox to mitigate these risks.

Affected Version(s)

Firefox < 139

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1920348

https://www.mozilla.org/security/advisories/mfsa2025-42/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2025
Vulnerability Reserved
May 27, 2025

Credit

Satoki Tsuji