CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID in Mozilla Firefox

Medium
Vulnerability · CVE-2025-6425
Published: Tue Jun 24 2025 (06/24/2025, 12:27:59 UTC)
Source: CVE Database V5
Vendor/Project: Mozilla
Product: Firefox

Description

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

AI-Powered Analysis

Last updated: 06/24/2025, 13:13:38 UTC

Technical Analysis

CVE-2025-6425 is a privacy vulnerability in the WebCompat WebExtension that Mozilla ships inside Firefox. It affects Firefox before 140, Firefox ESR before 115.25 and before 128.12, and Thunderbird before 140 and before 128.12. The WebCompat extension applies site-specific fixes and workarounds so that websites keep working in Firefox. The defect is that web content able to enumerate the extension's resources could learn a persistent UUID tied to the browser installation. That UUID is the same across container tabs and across normal and private browsing windows, so it defeats the isolation those features are meant to provide; it differs between Firefox profiles, so a separate profile is a separate identifier. A page that recovers the identifier can recognize the same browser again later in any of those contexts, which amounts to cross-context tracking that does not depend on cookies, site storage or conventional fingerprinting. Exploitation needs only that the victim load a malicious or compromised page; no authentication is involved. The bug allows neither code execution nor modification of data, and the confidentiality loss is limited to the identifier itself, but that is enough to link sessions a user intended to keep apart. No exploitation in the wild was known when the CVE was published. This record carries no patch links, but the affected-version ranges identify the fixed releases. The affected versions are in wide use across personal, enterprise and government environments.
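The following added example is not from the CVE record, Mozilla or the WebCompat extension; it shows what an attacker extracts and why it is a cross-context identifier. It assumes only that Firefox serves extension resources under moz-extension://<uuid>/..., with the UUID chosen once per profile. The resource paths, the UUIDs and the three browsing contexts in the sample are constructed for illustration, not the real WebCompat paths or any real enumeration technique. The same functions double as an audit check: run collectPageResourceUrls() in a page's console and pass the result to extractExtensionUuids() to see whether any extension resource URL is visible to web content.

```javascript
// Added example for CVE-2025-6425; not code from Mozilla or the WebCompat extension.
// Assumption: Firefox serves extension resources at moz-extension://<uuid>/<path>,
// where <uuid> is chosen at random once per profile. Any such URL that web
// content can observe therefore carries a profile-wide identifier.

const MOZ_EXT_RE =
  /^moz-extension:\/\/([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\//i;

// Return the sorted, de-duplicated list of extension UUIDs found in URL strings.
function extractExtensionUuids(urls) {
  const found = new Set();
  for (const u of urls) {
    const m = MOZ_EXT_RE.exec(String(u));
    if (m) found.add(m[1].toLowerCase());
  }
  return [...found].sort();
}

// Given observations keyed by browsing context, report every UUID seen in more
// than one context. A UUID that recurs across a normal window, a private window
// and a container tab links those sessions to one profile, which is exactly the
// property that makes CVE-2025-6425 a tracking bug.
function crossContextIdentifiers(observations) {
  const seenIn = new Map(); // uuid -> Set of context names
  for (const [context, urls] of Object.entries(observations)) {
    for (const uuid of extractExtensionUuids(urls)) {
      if (!seenIn.has(uuid)) seenIn.set(uuid, new Set());
      seenIn.get(uuid).add(context);
    }
  }
  const linked = {};
  for (const [uuid, contexts] of seenIn) {
    if (contexts.size > 1) linked[uuid] = [...contexts].sort();
  }
  return linked;
}

// Audit helper for a live page: gather every URL web content can see for the
// document's scripts, stylesheets, images, frames and timed resource loads.
// Only meaningful in a browser; returns [] elsewhere so the module loads under Node.
function collectPageResourceUrls() {
  if (typeof document === 'undefined' || typeof performance === 'undefined') return [];
  const urls = [];
  for (const el of document.querySelectorAll('script[src], link[href], img[src], iframe[src]')) {
    urls.push(el.src || el.href);
  }
  for (const entry of performance.getEntriesByType('resource')) urls.push(entry.name);
  return urls;
}

// Constructed sample: one profile observed from three contexts plus a second
// profile. The UUIDs and paths are made up; only the URL shape is real.
const SAMPLE_OBSERVATIONS = {
  normal: [
    'https://example.test/app.js',
    'moz-extension://2f1c9e3a-7d4b-4b8e-9a1c-0d2e3f4a5b6c/shims/example.js',
  ],
  private: ['moz-extension://2f1c9e3a-7d4b-4b8e-9a1c-0d2e3f4a5b6c/shims/other.js'],
  container: [
    'https://cdn.example.test/lib.js',
    'moz-extension://2F1C9E3A-7D4B-4B8E-9A1C-0D2E3F4A5B6C/shims/example.js',
  ],
  // A different profile carries a different UUID and is not linkable to the others.
  otherProfile: ['moz-extension://9b8a7c6d-5e4f-4a3b-8c2d-1e0f9a8b7c6d/shims/example.js'],
};

function demo() {
  return crossContextIdentifiers(SAMPLE_OBSERVATIONS);
}

console.log(JSON.stringify(demo(), null, 2));
```

Only the first UUID is reported, with all three of its contexts; the second profile's UUID appears once and is ignored, which mirrors the CVE text: the identifier survives containers and private mode but not a change of profile.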

Potential Impact

For European organizations the primary impact of CVE-2025-6425 is loss of browsing privacy: a site that recovers the identifier can recognize the same browser across sessions that private windows and container tabs were meant to keep apart. Organizations that rely on Firefox for private browsing, particularly those handling sensitive or regulated data, therefore face a higher risk of user identification and profiling, which cuts against privacy obligations such as those under the GDPR and can bring regulatory scrutiny, legal exposure and reputational damage. Finance, healthcare and government bodies that depend on strong privacy controls are the most exposed to targeted profiling or surveillance. The bug permits neither code execution nor data manipulation, but a stable identifier is a useful building block: combined with other data it supports durable profiling and can help target follow-on attacks. Because any user who loads a malicious or compromised page is exposed, with no authentication and no interaction beyond the visit, the attack surface is the whole unpatched user base. Given Firefox's notable share among privacy-conscious users and organizations in Europe, the impact is not trivial.

Mitigation Recommendations

1. Update Firefox to 140 or later, Firefox ESR to 115.25 or 128.12 or later, and Thunderbird to 140 or 128.12 or later. The fix is in those releases, so prioritize deploying them to every endpoint.
2. Do not count on disabling the WebCompat extension as a workaround. It is a built-in system add-on rather than a user-installed one, removing it also removes the site compatibility fixes it carries, and this record documents no supported way to turn it off. If you test such a workaround, verify it under the policy mechanism you actually use rather than assuming it is available.
3. Network-level controls do not help. Resource enumeration happens inside the browser against extension URLs and never crosses the network, so a proxy or IDS has nothing to block, and the exfiltrated identifier is indistinguishable from ordinary page traffic. Spend that effort on patch deployment and on a browser version inventory so unpatched installs can be found.
4. Tell users that, on unpatched versions, private windows and container tabs did not isolate them from this identifier. A VPN does not help either, since the identifier is read in the browser and survives any change of IP address, and anti-fingerprinting extensions cannot remove a value that a bundled extension exposes.
5. For high-security work on an unpatched installation, use a dedicated Firefox profile or a different browser: the UUID does not persist across profiles, so browsing in a separate profile is not linkable to browsing in the default one.
6. Follow Mozilla security advisories for further guidance and test updates in a controlled environment before wide deployment.
7. Review privacy policies and incident response plans so that tracking vulnerabilities of this kind are covered alongside conventional data breaches.

Technical Details

Data Version
5.1
Assigner Short Name
mozilla
Date Reserved
2025-06-20T14:51:28.050Z
Cvss Version
null
State
PUBLISHED

Threat ID: 685aa0274dc24046c1dc5a91

Added to database: 6/24/2025, 12:55:03 PM

Last enriched: 6/24/2025, 1:13:38 PM

Last updated: 8/15/2025, 9:36:04 AM
