Firefox Patches Vulnerability Discovered by a Positive Technologies Expert

Date: 02/09/2025

The vulnerability could be exploited once malicious code had been injected into an arbitrary website, allowing an attacker to steal credentials and redirect users to phishing pages.

A vulnerability in Mozilla Firefox was discovered by Positive Technologies expert Daniil Satyaev. The issue was assigned the identifier CVE-2025-6430 (PT-2025-30487) and received a score of 6.1 on the CVSS 4.0 scale.

The flaw affected all Firefox versions prior to 140.0, as well as Firefox ESR versions prior to 128.12. Patches have now been released for both Firefox and Firefox ESR.

In addition, according to the developers, two branches of the Thunderbird email client were also affected: the vulnerabilities were present in versions below 140 and 128.12. Updates have also been released for both.

The researcher explains that by exploiting CVE-2025-6430 in Firefox, together with a cross-site scripting (XSS) issue, an attacker could potentially:

  • gain access to the organization’s internal services, for example to the document management system and the customer relationship management (CRM) system, and then to trade secrets and financial data;
  • compromise user credentials, including those of corporate network administrators, and disrupt the organization’s business processes;
  • redirect users to phishing pages to steal credentials.

“Before CVE-2025-6430 was fixed, Firefox improperly used secure loading mechanisms for embedded multimedia elements, causing files viewed by the user (documents, images, videos) to open directly in the browser instead of being downloaded. This behavior could help an attacker bypass certain protections against vulnerabilities that lead to XSS attacks. By exploiting cross-site scripting on a web resource, an attacker could inject into the page a file containing malicious JavaScript code, which the victim would automatically execute upon opening,” said Daniil Satyaev, a junior specialist in the Banking Systems Security Research Department at Positive Technologies.

Users are advised to update Firefox to version 140.0 or later and Firefox ESR to version 128.12 or later as soon as possible. If installing the current browser version is not possible, experts recommend using user input sanitization tools, such as the DOMPurify library.
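The flaw described above comes down to a browser rendering a user-supplied file inline, in the origin that served it, instead of treating it as a download. Independently of the browser fix, a site that serves uploaded files can enforce the download behaviour itself. The following is an added example written for this page, not code from the article, Positive Technologies or Mozilla; it assumes a Node.js server and uses hypothetical function names (`headersForUntrustedUpload`, `safeFilename`). It builds the response headers for an untrusted upload so that anything the browser could render as active content (HTML, XHTML, SVG, XML, JavaScript) is served as an opaque attachment, the filename cannot break the header, and content sniffing is disabled.

```javascript
// Added example (not from the article, Positive Technologies or Mozilla):
// response headers for serving user-uploaded files so that a file carrying
// script (HTML, SVG, XHTML, XML, JS) is downloaded rather than rendered in
// the serving origin. Node.js; function names are hypothetical.

// Content types a browser may render as active content in the page's origin.
const ACTIVE_CONTENT_TYPES = new Set([
  "text/html",
  "application/xhtml+xml",
  "image/svg+xml",
  "text/xml",
  "application/xml",
  "text/javascript",
  "application/javascript",
]);

// Keep only a conservative character set in the filename placed in the
// Content-Disposition header, so quotes, newlines or path separators supplied
// by the uploader cannot break or smuggle header fields. Path components are
// dropped and the basename is truncated.
function safeFilename(name) {
  const base = String(name).split(/[\\/]/).pop() || "download";
  const cleaned = base.replace(/[^A-Za-z0-9._-]/g, "_").slice(0, 100);
  return cleaned.length ? cleaned : "download";
}

// Build response headers for an untrusted upload. `declaredType` is the
// content type recorded at upload time; it is normalised (parameters such as
// charset are dropped) but never trusted to decide whether the browser may
// render the file inline.
function headersForUntrustedUpload(filename, declaredType) {
  const type = String(declaredType || "").split(";")[0].trim().toLowerCase();
  // Active content, and anything with no usable type, is served as an opaque blob.
  const contentType =
    type === "" || ACTIVE_CONTENT_TYPES.has(type) ? "application/octet-stream" : type;
  return {
    "Content-Type": contentType,
    // attachment: the browser saves the file instead of opening it inline
    "Content-Disposition": `attachment; filename="${safeFilename(filename)}"`,
    // stop the browser from sniffing a different, renderable type
    "X-Content-Type-Options": "nosniff",
    // if anything is rendered anyway, it runs with no script and an opaque origin
    "Content-Security-Policy": "sandbox; default-src 'none'",
  };
}

// Usage with the Node.js http module: res.writeHead(200, headersForUntrustedUpload(name, type))
// before streaming the stored file body.
module.exports = { headersForUntrustedUpload, safeFilename, ACTIVE_CONTENT_TYPES };
```

The `Content-Disposition: attachment` header is what restores the "download, don't open" behaviour the researcher describes; `nosniff` keeps the browser from second-guessing an `application/octet-stream` body, and the sandboxing CSP limits the damage if an inline view happens anyway. This is a server-side complement to the browser update and to input sanitization, not a replacement for either.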
