Vulnerability Database

296,137

Total vulnerabilities in the database

CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

  • Published: Jun 24, 2025
  • Updated: Jul 15, 2025
  • CVE: CVE-2025-6429
  • Exploit:

No technical information available.

No CWE or OWASP classifications available.

Software From Fixed in
mozilla / firefox - 140.0
mozilla / firefox - 128.12.0