CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID in Mozilla Firefox
An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
AI Analysis
Technical Summary
CVE-2025-6425 is a privacy vulnerability in the WebCompat WebExtension that Mozilla ships as a built-in system add-on in Firefox. Per the advisory it affects Firefox before 140, Firefox ESR before 115.25 and before 128.12, and Thunderbird before 140 and before 128.12. WebCompat applies site-specific interventions (user-agent overrides, injected scripts and shims) to keep sites working in Firefox. Firefox assigns every installed extension a random UUID, generated once per profile, and uses it as the host part of the extension's moz-extension:// origin; unlike Chrome's fixed extension IDs, this is intended to stop web pages from learning which extensions are installed. In the vulnerable versions a web page could enumerate resources exposed by the WebCompat extension and read that UUID from them. Because the UUID belongs to the profile rather than to a browsing context, it is the same in every container tab and in both normal and private windows, so a site that obtains it can re-identify the same browser even though cookies, storage and containers are otherwise isolated. It does not carry over to a different Firefox profile, which has its own UUID. Exploitation requires only that the user load a page carrying attacker-controlled script; no authentication or further interaction is needed. The identifier reveals nothing about page content and gives no code execution, so confidentiality and integrity of data are not directly affected; the impact is the loss of unlinkability across sessions the user expected to be isolated. No exploitation in the wild was reported at publication, and the CVE record carries no CVSS score and no patch links, but the affected-version bounds indicate that the fix ships in Firefox 140, Firefox ESR 115.25 and 128.12, and Thunderbird 140 and 128.12. The vulnerable versions were in use across personal, enterprise and governmental environments.
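The enumeration step, as an added example that is not from the advisory and not Mozilla's or the WebCompat extension's own code: a page-side probe that collects the resource URLs a web page can see, picks out any extension-origin URLs among them, and extracts the identifier. It demonstrates the class of leak (an extension resource revealing its moz-extension:// origin, whose host is the per-profile UUID) rather than the specific WebCompat resource, which the advisory does not name. The sample URL list and the UUID in it are constructed, and the helper names are this example's own.

```javascript
// Added example, not code from the advisory or from Mozilla. Shows how a web
// page that can observe an extension-origin URL recovers the extension's
// identifier; for Firefox that identifier is the per-profile UUID, which is
// what makes the leak a cross-container, cross-private-window tracking key.

// Canonical UUID shape (8-4-4-4-12 hex groups), case-insensitive.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Origin schemes browsers use for extension resources.
const EXTENSION_SCHEMES = new Set(['moz-extension:', 'chrome-extension:']);

// Return the host part of an extension-origin URL, or null for ordinary web
// URLs and strings that are not URLs at all.
function extensionIdFromUrl(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return null;
  }
  if (!EXTENSION_SCHEMES.has(parsed.protocol)) return null;
  // moz-extension:// hosts are random per-profile UUIDs; chrome-extension://
  // hosts are fixed 32-char ids (same for every user, so they reveal the
  // extension but do not identify the profile).
  return parsed.hostname || null;
}

// Classify a list of observed URLs into per-profile identifiers (Firefox
// UUIDs, lower-cased so case differences do not split one profile in two)
// and other extension ids.
function findExtensionIdentifiers(urls) {
  const uuids = new Set();
  const otherIds = new Set();
  for (const url of urls) {
    const id = extensionIdFromUrl(url);
    if (id === null) continue;
    if (UUID_RE.test(id)) uuids.add(id.toLowerCase());
    else otherIds.add(id);
  }
  return { uuids: [...uuids], otherIds: [...otherIds] };
}

// URLs an unprivileged page can read: element sources in its own DOM and
// resource timing entries, where the browser records them. Returns an empty
// list outside a browser (e.g. under Node).
function observableResourceUrls() {
  if (typeof document === 'undefined') return [];
  const urls = [];
  for (const el of document.querySelectorAll('script[src], link[href], img[src], iframe[src]')) {
    urls.push(el.src || el.href);
  }
  if (typeof performance !== 'undefined' && performance.getEntriesByType) {
    for (const entry of performance.getEntriesByType('resource')) urls.push(entry.name);
  }
  return urls;
}

// Constructed sample standing in for what observableResourceUrls() might
// return on a page into which an extension had injected resources. The UUID
// and the chrome-extension id are made up for the example.
const SAMPLE_URLS = [
  'https://example.test/app.js',
  'moz-extension://3f9a2b7c-1d4e-4f8a-9b2c-6e7d8f9a0b1c/resource.js',
  'MOZ-EXTENSION://3F9A2B7C-1D4E-4F8A-9B2C-6E7D8F9A0B1C/style.css',
  'chrome-extension://abcdefghijklmnopabcdefghijklmnop/content.js',
  'not a url',
];

// Run against the live page when there is one, otherwise against the sample.
function probe() {
  const live = observableResourceUrls();
  return findExtensionIdentifiers(live.length ? live : SAMPLE_URLS);
}

console.log(JSON.stringify(probe()));
```

Any UUID in the `uuids` list is a stable key for that Firefox profile: the same page loaded in a container tab or a private window would produce the same value, which is exactly the cross-context linkage the advisory describes. Against a patched Firefox, or one where no extension resource is observable from page context, the list is empty.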
Potential Impact
For European organizations the primary impact of CVE-2025-6425 is loss of user privacy: a site that obtains the UUID can recognise the same Firefox profile across sessions, container tabs and private windows, which defeats the isolation those features are meant to provide and can feed tracking and profiling. Organizations that rely on Firefox for private browsing, particularly those handling sensitive or regulated data, may therefore find their users re-identified in ways that conflict with GDPR obligations on tracking and profiling, with the attendant regulatory scrutiny, reputational damage and potential legal exposure. Finance, healthcare and public-sector bodies that depend on strong privacy controls face the greater risk of targeted profiling or surveillance. The bug gives no code execution and alters no data; its value to an attacker lies in combining the stable identifier with other signals (IP address, fingerprinting, account activity) to build a longer-lived profile or to single out a target. Exploitation needs only a visit to a page carrying attacker-controlled script, with no authentication or further interaction, so any user on an affected version who browses untrusted or compromised sites is exposed. Given Firefox's share among privacy-conscious users and organizations in Europe, the impact is non-trivial.
Mitigation Recommendations
1. Update to the fixed versions: Firefox 140, Firefox ESR 115.25 or 128.12, and Thunderbird 140 or 128.12. The affected-version bounds in the advisory are the fix boundaries, so treat these releases as the patch and prioritise deployment to all endpoints; confirm installed versions from about:support or the endpoint inventory rather than assuming auto-update has run.
2. The WebCompat extension is a built-in system add-on, not an add-on installed from addons.mozilla.org, so it is not removed through normal add-on management. If a patch cannot be applied promptly, test any configuration change that disables its interventions in a controlled environment before rolling it out, because it also disables the site fixes the extension exists to provide.
3. Network controls (web filtering, intrusion detection) cannot observe the enumeration itself: the resource requests go to a moz-extension:// origin inside the browser and never reach the network, and the leaked UUID leaves the browser inside ordinary TLS-protected traffic. Their value here is limited to blocking known malicious or compromised sites.
4. Tell users that private windows and container tabs do not isolate them from this leak on unpatched builds. A VPN does not help, because the identifier lives in the browser rather than in the network path, and anti-fingerprinting extensions are unlikely to help either, since the UUID is not a fingerprint attribute they control.
5. For high-security work, use a separate Firefox profile (the UUID is generated per profile, so profiles are isolated from each other) or a patched or unaffected browser for sensitive browsing.
6. Follow Mozilla security advisories for the official release notes and guidance, and test updates in a controlled environment before wide deployment.
7. Review privacy policies and incident response plans so that leaks of tracking identifiers of this kind are handled as privacy incidents.
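A version-triage check for item 1, as an added example that is not from the advisory and not Mozilla's code: it maps each install to the fixed version on its branch (ESR 115, ESR 128, or the 140 line) and flags anything below it, using the affected ranges exactly as the advisory states them. The inventory is constructed sample data and the function names are this example's own; it also strips the "esr" suffix that about:support appends to ESR version strings.

```javascript
// Added example, not code from the advisory or from Mozilla. Flags installs
// that fall inside the CVE-2025-6425 affected ranges. Thresholds are the
// fixed versions implied by "Firefox < 140, Firefox ESR < 115.25, Firefox
// ESR < 128.12, Thunderbird < 140, Thunderbird < 128.12".
const FIXED = {
  firefox:     { release: '140.0', esr: { 115: '115.25', 128: '128.12' } },
  thunderbird: { release: '140.0', esr: { 128: '128.12' } },
};

// "128.11.0esr" -> [128, 11, 0]; drops any non-numeric suffix (esr, b3, a1).
function parseVersion(v) {
  const clean = String(v).trim().replace(/[^0-9.].*$/, '');
  if (clean === '') throw new Error(`bad version: ${v}`);
  const parts = clean.split('.').map(Number);
  if (parts.some(n => Number.isNaN(n))) throw new Error(`bad version: ${v}`);
  return parts;
}

// Component-wise compare; missing trailing components count as 0,
// so "128.12" and "128.12.0" are equal.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// The fix threshold that applies to this install: the ESR threshold when the
// major version is an ESR branch named in the advisory, otherwise the 140
// line. Returns null for products the advisory does not cover.
function fixedVersionFor(product, version) {
  const branches = FIXED[String(product).toLowerCase()];
  if (!branches) return null;
  const major = parseVersion(version)[0];
  return branches.esr[major] || branches.release;
}

function isAffected(product, version) {
  const fixed = fixedVersionFor(product, version);
  if (fixed === null) return false;
  return compareVersions(version, fixed) < 0;
}

// Constructed sample inventory (host names and versions are made up).
const SAMPLE_INVENTORY = [
  { host: 'ws-001',    product: 'Firefox',     version: '139.0.4' },
  { host: 'ws-002',    product: 'Firefox',     version: '140.0' },
  { host: 'kiosk-01',  product: 'Firefox',     version: '128.11.0esr' },
  { host: 'ws-003',    product: 'Firefox',     version: '128.12.0esr' },
  { host: 'legacy-01', product: 'Firefox',     version: '115.24.0esr' },
  { host: 'mail-01',   product: 'Thunderbird', version: '128.11.0esr' },
  { host: 'mail-02',   product: 'Thunderbird', version: '140.0' },
  { host: 'ws-004',    product: 'Chrome',      version: '137.0.7151.68' },
];

// Annotate each entry with the applicable threshold and whether it is affected.
function triage(inventory) {
  return inventory.map(h => ({
    ...h,
    fixed: fixedVersionFor(h.product, h.version),
    affected: isAffected(h.product, h.version),
  }));
}

for (const row of triage(SAMPLE_INVENTORY)) {
  console.log(`${row.host}\t${row.product} ${row.version}\t${row.affected ? 'AFFECTED (fix: ' + row.fixed + ')' : 'ok'}`);
}
```

Feed it the product and version columns from whatever inventory source you have (endpoint management export, about:support on a sample machine); anything flagged needs the corresponding release from item 1.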
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mozilla
- Date Reserved: 2025-06-20T14:51:28.050Z
- CVSS Version: null (no CVSS score published in the record)
- State: PUBLISHED
Threat ID: 685aa0274dc24046c1dc5a91
Added to database: 6/24/2025, 12:55:03 PM
Last enriched: 6/24/2025, 1:13:38 PM
Last updated: 8/1/2025, 9:44:22 AM