VDB
CISA-2025-6432
CISA-2025-6432
PUBLISHED
CVSS 8.6 HIGH
Reported by mozilla · Published June 24, 2025
When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140 and Thunderbird < 140.
Risk Scores
CVSS 3.1
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | unspecified |
| Mozilla | Thunderbird | unspecified |
| Mozilla | Firefox | unspecified, unspecified |
| Mozilla | Thunderbird | unspecified, * |
Timeline
- Jun 24, 2025 CVE Published
- Oct 30, 2025 CVE Updated