CVE-2025-6427 Information

Description

An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1966927 https://www.mozilla.org/security/advisories/mfsa2025-51/

Related CNNVD

CNNVD-202506-3073 (Published: 2025-06-24)