vulnerability

Amazon Linux 2023: CVE-2025-6429: Important priority package update for firefox

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Jun 24, 2025	Jul 11, 2025	Jul 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Jun 24, 2025

Added

Jul 11, 2025

Modified

Jul 11, 2025

Description

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed.

Solutions

amazon-linux-2023-upgrade-firefoxamazon-linux-2023-upgrade-firefox-debuginfoamazon-linux-2023-upgrade-firefox-debugsource

References

CVE-2025-6429
https://attackerkb.com/topics/CVE-2025-6429
URL-https://alas.aws.amazon.com/AL2023/ALAS-2025-1055.html
CWE-116

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today