
CVE-2025-6432: Vulnerability in Mozilla Firefox

Severity: High
Published: Tue Jun 24 2025 (06/24/2025, 12:28:03 UTC)
Source: CVE Database V5
Vendor/Project: Mozilla
Product: Firefox

Description

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140 and Thunderbird < 140.

AI-Powered Analysis

Last updated: 10/31/2025, 05:06:19 UTC

Technical Analysis

CVE-2025-6432 is a vulnerability identified in Mozilla Firefox and Thunderbird prior to version 140 that affects the Multi-Account Containers feature. This feature is designed to isolate browsing contexts for privacy and organizational purposes. The vulnerability arises when DNS requests are made for invalid domain names or when the configured SOCKS proxy is unresponsive. Under these conditions, DNS requests bypass the SOCKS proxy, which is intended to anonymize or secure DNS traffic. This bypass leads to DNS leakage, exposing domain queries directly to the network rather than routing them through the proxy. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information) and has a CVSS v3.1 score of 8.6, indicating high severity. The attack vector is network-based, requiring no privileges or user interaction, making it easier to exploit remotely. The impact primarily affects confidentiality by revealing DNS queries, which can be used to infer user activity or target users for further attacks. Integrity and availability impacts are rated lower but present due to potential proxy failure scenarios. No patches or exploits are currently publicly available, but the vulnerability is published and should be addressed promptly. The issue highlights a flaw in the handling of DNS requests in privacy-enhancing browser features and the importance of robust proxy enforcement mechanisms.

Potential Impact

For European organizations, this vulnerability poses a significant risk to user privacy and data confidentiality. DNS leakage can reveal sensitive information about user browsing habits, potentially exposing corporate or personal data to network observers or malicious actors. This is particularly concerning for organizations that rely on SOCKS proxies for anonymization, geo-restriction circumvention, or secure communications. The exposure could facilitate targeted phishing, surveillance, or data exfiltration attacks. Additionally, organizations in regulated sectors such as finance, healthcare, or government may face compliance issues under GDPR or other privacy regulations if user data is inadvertently exposed. The vulnerability could also undermine trust in privacy tools and browser security, impacting remote workers and users who depend on containerization for separating work and personal browsing. Although no known exploits exist yet, the ease of exploitation and high confidentiality impact warrant urgent attention.

Mitigation Recommendations

1. Apply updates to Mozilla Firefox and Thunderbird to version 140 or later as soon as patches become available to ensure the vulnerability is fixed.
2. Until patches are released, consider disabling the Multi-Account Containers feature to prevent DNS requests from bypassing the SOCKS proxy.
3. Configure network monitoring to detect DNS requests that do not route through the expected proxy infrastructure, enabling early detection of leakage.
4. Review and enforce strict proxy configurations and fallback mechanisms to ensure DNS requests cannot bypass proxies under any failure conditions.
5. Educate users about the risks of using Multi-Account Containers with proxies and encourage reporting of unusual network behavior.
6. For organizations using custom proxy or DNS solutions, validate that these systems correctly handle invalid domain names and proxy failures without leaking DNS queries.
7. Implement DNS over HTTPS (DoH) or DNS over TLS (DoT) where possible to encrypt DNS traffic and reduce exposure.
8. Conduct periodic security assessments of browser configurations and proxy setups to identify and remediate similar weaknesses proactively.
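
One way to implement the monitoring in recommendation 3, as an added example that is not part of the original advisory: it scans a local resolver's query log for lookups from hosts that should resolve only through the SOCKS proxy, and tags each hit with the trigger condition from the description it most resembles. The log format, addresses, allowlist and the 30-second correlation window are all assumptions constructed for this sketch.

```python
import re
from datetime import datetime, timedelta

# All values below are constructed for illustration (assumptions, not from the advisory).
PROXIED_CLIENTS = {"10.0.5.21", "10.0.5.22"}   # hosts set to SOCKS with remote DNS
LOCAL_ALLOWLIST = {"socks.corp.example"}        # names these hosts may resolve locally
RESOLVER_LOG = """\
2025-06-25T09:00:01Z 10.0.5.21 A socks.corp.example
2025-06-25T09:00:02Z 10.0.5.30 A intranet.example.net
2025-06-25T09:00:05Z 10.0.5.22 A bad_host!.example.com
2025-06-25T09:01:10Z 10.0.5.21 A updates.example.org
2025-06-25T09:05:00Z 10.0.5.22 A news.example.org
"""
PROXY_FAIL_LOG = "2025-06-25T09:01:08Z 10.0.5.21 socks-connect-timeout\n"

LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def valid_hostname(name):
    """LDH hostname syntax: labels of 1-63 chars, 253 chars overall."""
    name = name.rstrip(".")
    return 0 < len(name) <= 253 and all(LABEL.fullmatch(p) for p in name.split("."))

def parse(log):
    """Yield (timestamp, client_ip, remainder) per log line."""
    for line in log.strip().splitlines():
        ts, client, rest = line.split(None, 2)
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, rest

def find_leaks(resolver_log, proxy_fail_log, window=timedelta(seconds=30)):
    """Flag local-resolver queries from proxied clients and tag the likely trigger."""
    failures = [(ts, client) for ts, client, _ in parse(proxy_fail_log)]
    leaks = []
    for ts, client, rest in parse(resolver_log):
        qname = rest.split()[-1]
        if client not in PROXIED_CLIENTS or qname in LOCAL_ALLOWLIST:
            continue
        if not valid_hostname(qname):
            reason = "invalid-name"            # first trigger in the description
        elif any(c == client and timedelta(0) <= ts - f <= window for f, c in failures):
            reason = "proxy-unresponsive"      # second trigger in the description
        else:
            reason = "unexpected-direct-query"
        leaks.append((client, qname, reason))
    return leaks

if __name__ == "__main__":
    for leak in find_leaks(RESOLVER_LOG, PROXY_FAIL_LOG):
        print(*leak)
```

The allowlist matters in practice: the operating system on a proxied host still resolves some names locally, so an empty allowlist will flag routine lookups.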


Technical Details

Data Version: 5.1
Assigner Short Name: mozilla
Date Reserved: 2025-06-20T14:51:37.854Z
Cvss Version: null
State: PUBLISHED

Threat ID: 685aa0274dc24046c1dc5ab2

Added to database: 6/24/2025, 12:55:03 PM

Last enriched: 10/31/2025, 5:06:19 AM

Last updated: 11/22/2025, 6:06:38 PM
