The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.

fedora FEDORA-2025-1605ec3e86: firefox-140.0-1.fc41

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6bffc34b8d advisory.

    - Updated to latest upstream (140.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-firefox installed on the remote host is prior to 140.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-175-02 advisory.

    New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the mozilla-firefox security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-53 advisory.

  - A use-after-free in FontFaceSet resulted in a potentially exploitable crash. (CVE-2025-6424)

  - An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID     that identified the browser, and persisted between containers and normal/private browsing mode, but not     profiles. (CVE-2025-6425)

  - The executable file warning did not warn users before opening files with the <code>terminal</code>     extension.  This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.
    (CVE-2025-6426)

  - Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the     URL specified in an <code>embed</code> tag.  This could have bypassed website security checks that     restricted which domains users were allowed to embed. (CVE-2025-6429)

  - When a file download is specified via the <code>Content-Disposition</code> header, that directive would be     ignored if the file was included via a <code><embed></code> or <code><object></code> tag,     potentially making a website vulnerable to a cross-site scripting attack. (CVE-2025-6430)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 128.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-53 advisory.

  - A use-after-free in FontFaceSet resulted in a potentially exploitable crash. (CVE-2025-6424)

  - An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID     that identified the browser, and persisted between containers and normal/private browsing mode, but not     profiles. (CVE-2025-6425)

  - The executable file warning did not warn users before opening files with the <code>terminal</code>     extension.  This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.
    (CVE-2025-6426)

  - Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the     URL specified in an <code>embed</code> tag.  This could have bypassed website security checks that     restricted which domains users were allowed to embed. (CVE-2025-6429)

  - When a file download is specified via the <code>Content-Disposition</code> header, that directive would be     ignored if the file was included via a <code><embed></code> or <code><object></code> tag,     potentially making a website vulnerable to a cross-site scripting attack. (CVE-2025-6430)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 140.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-51 advisory.

  - Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2025-6436)

  - A use-after-free in FontFaceSet resulted in a potentially exploitable crash. (CVE-2025-6424)

  - An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID     that identified the browser, and persisted between containers and normal/private browsing mode, but not     profiles. (CVE-2025-6425)

  - The executable file warning did not warn users before opening files with the <code>terminal</code>     extension.  This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.
    (CVE-2025-6426)

  - An attacker was able to bypass the <code>connect-src</code> directive of a Content Security Policy by     manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools.
    (CVE-2025-6427)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 140.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-51 advisory.

  - Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2025-6436)

  - A use-after-free in FontFaceSet resulted in a potentially exploitable crash. (CVE-2025-6424)

  - An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID     that identified the browser, and persisted between containers and normal/private browsing mode, but not     profiles. (CVE-2025-6425)

  - The executable file warning did not warn users before opening files with the <code>terminal</code>     extension.  This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.
    (CVE-2025-6426)

  - An attacker was able to bypass the <code>connect-src</code> directive of a Content Security Policy by     manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools.
    (CVE-2025-6427)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
240515	Fedora 42 : firefox (2025-6bffc34b8d)	Nessus	Fedora Local Security Checks	high
240489	Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2025-175-02)	Nessus	Slackware Local Security Checks	high
240336	Mozilla Firefox ESR < 128.12	Nessus	MacOS X Local Security Checks	critical
240335	Mozilla Firefox ESR < 128.12	Nessus	Windows	critical
240334	Mozilla Firefox < 140.0	Nessus	Windows	critical
240333	Mozilla Firefox < 140.0	Nessus	MacOS X Local Security Checks	critical

Detections

Analytics

CVE-2025-6426

high

Tenable Plugins

Coming Soon

high

high

critical

critical

critical

critical