Mozilla Firefox Content Injection Vulnerability via Ignored CSP Headers in Devtools Preview

Vulnerability

A vulnerability has been identified in Mozilla Firefox in which the Devtools response preview feature disregarded Content Security Policy (CSP) headers. This oversight could have facilitated content injection attacks. The issue affects Firefox versions prior to 139.

Impact

Exploitation of this vulnerability could have led to content injection attacks.

Remediation

Users can update to Firefox version 139 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 1.3
exploitability: 4.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.