Content Security Policy Bypass in Firefox by Mozilla
CVE-2025-6427

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 24 June 2025

What is CVE-2025-6427?

A vulnerability was discovered in Firefox that allows attackers to bypass the connect-src directive of a Content Security Policy through subdocument manipulation. This exploit could obscure the connections made by the attacker in the Network tab of Developer Tools, effectively hiding malicious activities from users and developers. This issue primarily impacts Firefox versions earlier than 140, posing a risk to web applications that rely on CSP for securing their content and resources.

Affected Version(s)

Firefox < 140

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1966927

https://www.mozilla.org/security/advisories/mfsa2025-51/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2025
Vulnerability Reserved
Jun 20, 2025

Credit

Alan Li (lebr0nli)