Content Security Policy Bypass in Firefox by Mozilla
CVE-2025-6427

9.1CRITICAL

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 24 June 2025

What is CVE-2025-6427?

A vulnerability was discovered in Firefox that allows attackers to bypass the connect-src directive of a Content Security Policy through subdocument manipulation. This exploit could obscure the connections made by the attacker in the Network tab of Developer Tools, effectively hiding malicious activities from users and developers. This issue primarily impacts Firefox versions earlier than 140, posing a risk to web applications that rely on CSP for securing their content and resources.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Firefox < 140

Thunderbird < 140

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1966927

https://www.mozilla.org/security/advisories/mfsa2025-51/

https://www.mozilla.org/security/advisories/mfsa2025-54/

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 24, 2025
Vulnerability Reserved
Jun 20, 2025

Credit

Alan Li (lebr0nli)

JSON

Mozilla

What is CVE-2025-6427?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.