CVE-2025-6430 Information

Description

When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via an <embed> or <object> tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1971140
https://www.mozilla.org/security/advisories/mfsa2025-51/
https://www.mozilla.org/security/advisories/mfsa2025-53/

CNNVD-202506-3011 (Published: 2025-06-24)
