Firefox Patches Vulnerability Discovered by a Positive Technologies Expert

Exploitation of the vulnerability became possible after injecting malicious code into an arbitrary website, allowing an attacker to steal credentials and redirect users to phishing pages.

A vulnerability in Mozilla Firefox was discovered by Positive Technologies expert Daniil Satyaev. The issue was assigned the identifier CVE-2025-6430 (PT-2025-30487) and received a score of 6.1 on the CVSS 4.0 scale.

The flaw affected all Firefox versions prior to 140.0, as well as Firefox ESR versions prior to 128.12. Patches have now been released for both Firefox and Firefox ESR.

In addition, according to the developers, two branches of the Thunderbird email client were also affected: the vulnerabilities were present in versions below 140 and 128.12. Updates have also been released for both.

The researcher explains that by exploiting CVE-2025-6430 in Firefox, together with a cross-site scripting (XSS) issue, an attacker could potentially:

  • gain access to the organization’s internal services, for example to the document management system and the customer relationship management (CRM) system, and then to trade secrets and financial data;
  • compromise user credentials, including those of corporate network administrators, and disrupt the organization’s business processes;
  • redirect users to phishing pages to steal credentials.

“Before CVE-2025-6430 was fixed, Firefox improperly used secure loading mechanisms for embedded multimedia elements, causing files viewed by the user (documents, images, videos) to open directly in the browser instead of being downloaded. This behavior could help an attacker bypass certain protections against vulnerabilities that lead to XSS attacks. By exploiting cross-site scripting on a web resource, an attacker could inject into the page a file containing malicious JavaScript code, which the victim would automatically execute upon opening,” said Daniil Satyaev, a junior specialist in the Banking Systems Security Research Department at Positive Technologies.

Users are advised to update Firefox to version 140.0 or later and Firefox ESR to version 128.12 or later as soon as possible. If installing the current browser version is not possible, experts recommend using user input sanitization tools, such as the DOMPurify library.
