News

Mozilla patches Firefox browser vulnerability discovered by Positive Technologies

A security researcher from Positive Technologies, Daniil Satyaev of the PT SWARM team, has discovered a vulnerability in Mozilla Firefox, one of the world's most popular¹ browsers. The vulnerability also affects the enterprise version of Firefox. By exploiting this flaw via malicious code injected into a compromised website, attackers could steal credentials or redirect users to phishing sites. Mozilla was notified under the responsible disclosure policy and has already released security updates for Firefox and Firefox ESR.

The vulnerability, tracked as PT-2025-30487² (CVE-2025-6430, BDU:2025-07582), received a CVSS 4.0 score of 6.1. It affects all Firefox versions earlier than 140.0, as well as Firefox ESR versions earlier than 128.12. According to Mozilla, the issue also extended to two release branches of the Thunderbird email client—versions below 140 and 128.12—which have also received patches.

If exploited together with a cross-site scripting (XSS)³ vulnerability, this flaw could allow attackers to:

  • Access internal systems such as document management or CRM platforms, potentially exposing confidential business information and financial data.
  • Compromise user credentials, including those of network administrators, disrupting the organization's operations.
  • Redirect users to phishing sites to steal their credentials.

¹ According to the web analytics platform StatCounter, Mozilla is the fourth most popular browser in the world. The vendor estimates the browser's user base at 150 million people.

² The security vulnerability has been registered on the dbugs portal, which aggregates data on vulnerabilities in software and hardware from vendors around the world.

³ A website security vulnerability that allows an attacker to inject malicious code into a web page.

"Before CVE-2025-6430 was fixed, Firefox did not properly secure embedded media, causing files like documents, images, or videos to open directly in the browser rather than being downloaded. This system behavior could help attackers bypass XSS protections. By exploiting XSS on a website, attackers could inject a file containing malicious JavaScript, which would automatically execute when opened by the victim."

Daniil Satyaev, Junior Banking Security Specialist at Positive Technologies

To stay protected, users should update Firefox to version 140.0 or higher and Firefox ESR to 128.12 or higher as soon as possible. If immediate updating isn't feasible, Positive Technologies recommends using input sanitization solutions, such as the DOMPurify library.

This is not the first time Positive Technologies has helped prevent XSS attacks. Earlier in 2025, Daniil Satyaev and the Banking Systems Security Research team helped patch several XSS vulnerabilities in the FreeScout support platform. Additionally, Alexey Solovyov and Yan Chizhevsky from the Web Application Security Analysis team found 23 vulnerabilities (BDU:2024-06382 to BDU:2024-06404), including XSS flaws, in the NetCat CMS platform.

To detect known vulnerabilities in your IT infrastructure, consider using MaxPatrol VM. To protect against exploitation, Positive Technologies recommends web application firewalls like PT Application Firewall or its cloud version, PT Cloud Application Firewall. When malicious activity is detected, these products alert MaxPatrol SIEM and block the attack. Tools like MaxPatrol Carbon can also help reduce risk by identifying attack paths and automating cyber resilience monitoring.

For up-to-date security information, visit the dbugs portal, which aggregates vulnerability data and vendor recommendations for software and hardware from around the world.