Base Score

HIGH8.6

CVE-2025-6432

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140 and Thunderbird < 140.

VectorNETWORK

Published Bysecurity@mozilla.org

Published DateJun 24, 2025, 13:15

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

8.6

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

LOW

Availability (A)

LOW

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1943804
https://www.mozilla.org/security/advisories/mfsa2025-51/
https://www.mozilla.org/security/advisories/mfsa2025-54/

Base Score

HIGH8.6

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

8.6

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

LOW

Availability (A)

LOW