Vulnerability Database

296,137

Total vulnerabilities in the database

CVE-2025-6430

When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a &amp;lt;embed&amp;gt; or &amp;lt;object&amp;gt; tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

  • Published: Jun 24, 2025
  • Updated: Jul 15, 2025
  • CVE: CVE-2025-6430
  • Exploit:

No technical information available.

No CWE or OWASP classifications available.

Software From Fixed in
mozilla / firefox - 140.0
mozilla / firefox - 128.12.0