Firefox Patches Vulnerability Discovered by Positive Technologies Expert

A newly patched vulnerability in Mozilla Firefox could have allowed attackers to steal credentials and redirect users to phishing pages by injecting malicious code into a compromised website.

The flaw, discovered by Positive Technologies expert Daniil Satyaev, was assigned the identifier CVE-2025-6430 (PT-2025-30487) and rated 6.1 on the CVSS 4.0 scale. It affected all Firefox versions below 140.0 and Firefox ESR versions older than 128.12. Patches have since been released for both Firefox and Firefox ESR.

Mozilla developers confirmed that the issue also extended to the Thunderbird mail client, affecting versions below 140 and 128.12. Security updates for both lines of Thunderbird are now available.

Potential Impact

According to Satyaev, exploiting CVE-2025-6430 in conjunction with a cross-site scripting (XSS) vulnerability could have allowed attackers to:

  • Access internal organizational services such as document management and CRM systems, exposing trade secrets and financial data.
  • Compromise user credentials, including those belonging to corporate network administrators, potentially disrupting business operations.
  • Redirect users to phishing pages to harvest login details.

Technical Details

“Prior to being patched, CVE-2025-6430 caused Firefox to incorrectly apply secure loading mechanisms for embedded multimedia elements,” Satyaev explained. “As a result, files viewed by users—such as documents, images, or videos—were opened directly in the browser instead of being downloaded. This behavior could help attackers bypass certain protection mechanisms against XSS vulnerabilities. By exploiting cross-site scripting on a website, an attacker could embed a file with malicious JavaScript code that the victim would execute automatically upon opening.”

Users are strongly advised to update Firefox to version 140.0 or later and Firefox ESR to 128.12 or later. Because exploitation depends on an attacker first obtaining an XSS foothold on the target site, web application owners can also reduce exposure for visitors who have not yet updated by sanitizing untrusted HTML with a library such as DOMPurify, which removes the injection the attack needs in the first place.
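The two server-side controls a site operator would want after reading the description above, as an added example that is not code from the article, from Mozilla or from Positive Technologies: response headers for user uploads that keep an attacker's file inert even when a browser renders it inline instead of saving it (per Mozilla's advisory, the embedded elements in question are <embed> and <object>), and an allowlist sanitizer for the HTML-injection precondition, written as a minimal stand-in for DOMPurify rather than a replacement for it. It uses only built-in JavaScript; the function names, the tag allowlist and the file and route names are assumptions of the example.

```javascript
// Added example, not code from the article, Mozilla or Positive Technologies.
// Two server-side controls for a site that serves user uploads, written so
// they still hold when a browser renders a download inline instead of saving
// it (what CVE-2025-6430 allowed via <embed>/<object>), plus an allowlist
// sanitizer for the HTML-injection precondition. Names are hypothetical.

// Types a browser parses as a document and can run script from if they are
// ever rendered inline. Served as opaque bytes instead.
const DOCUMENT_TYPES = new Set([
  'text/html', 'application/xhtml+xml', 'image/svg+xml',
  'text/xml', 'application/xml', 'text/xsl',
]);

// Headers for an untrusted upload. Content-Disposition alone was the control
// the flaw bypassed; the other three headers do not depend on it.
function uploadResponseHeaders(filename, declaredType) {
  // strip any path, and characters that would break the quoted filename
  const base = String(filename).split(/[\\\/]/).pop().replace(/["\\\r\n]/g, '_') || 'download';
  const type = String(declaredType || '').split(';')[0].trim().toLowerCase();
  return {
    'Content-Disposition': `attachment; filename="${base}"`,
    // refuse MIME sniffing, so an .html blob served as octet-stream stays inert
    'X-Content-Type-Options': 'nosniff',
    // never hand the browser a type it would execute script from
    'Content-Type': !type || DOCUMENT_TYPES.has(type) ? 'application/octet-stream' : type,
    // if rendered inline anyway: no script, no forms, opaque origin
    'Content-Security-Policy': "sandbox; default-src 'none'",
  };
}

// Allowlist sanitizer for user-supplied HTML fragments. Anything not listed,
// including <embed>, <object>, <iframe> and <script>, is dropped; a stray '<'
// that never became a complete tag is escaped rather than passed through.
// DOMPurify does this properly; this is a minimal stand-in to show the shape.
const ALLOWED_TAGS = new Set(['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'a']);
const ALLOWED_ATTRS = { a: new Set(['href']) };

function escapeText(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
          .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

function sanitizeHtml(input) {
  const tagRe = /<(\/?)([a-zA-Z][\w-]*)((?:\s[^<>]*)?)>/g;
  const attrRe = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let out = '';
  let last = 0;
  for (const m of String(input).matchAll(tagRe)) {
    out += escapeText(input.slice(last, m.index));   // text between tags
    last = m.index + m[0].length;
    const closing = m[1] === '/';
    const tag = m[2].toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) continue;             // drop the tag, keep the text
    if (closing) { out += `</${tag}>`; continue; }
    let attrs = '';
    for (const a of m[3].matchAll(attrRe)) {
      const name = a[1].toLowerCase();
      const value = (a[2] ?? a[3] ?? a[4] ?? '').trim();
      if (!ALLOWED_ATTRS[tag]?.has(name)) continue;
      // only http(s) links: blocks javascript:, data: and same-origin download URLs
      if (name === 'href' && !/^https?:\/\//i.test(value)) continue;
      attrs += ` ${name}="${escapeText(value)}"`;
    }
    out += `<${tag}${attrs}>`;
  }
  return out + escapeText(input.slice(last));
}
```

The header set is the part that matters for this bug: with nosniff, an octet-stream type and a sandbox CSP, a file the browser decides to render anyway cannot run script or reach the site's origin. Serving uploads from a separate origin altogether is the usual further step, and the sanitizer only narrows the XSS precondition; it does not fix the browser.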