Vulnerability Database

296,137

Total vulnerabilities in the database

CVE-2025-6427

An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < 140.

  • Published: Jun 24, 2025
  • Updated: Jul 15, 2025
  • CVE: CVE-2025-6427
  • Exploit:

No technical information available.

No CWE or OWASP classifications available.

Software From Fixed in
mozilla / firefox - 140.0