CVE-2025-6429 Information

Description

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1970658 https://www.mozilla.org/security/advisories/mfsa2025-51/ https://www.mozilla.org/security/advisories/mfsa2025-53/

Related CNNVD

CNNVD-202506-3009 (Published: 2025-06-24)