Description
When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability was fixed in Firefox 140 and Thunderbird 140.
Published: 2025-06-24
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Exposure via DNS requests leaking outside a SOCKS proxy
Action: Patch Now
AI Analysis

Impact

When Multi-Account Containers is activated, certain DNS queries can bypass an established SOCKS proxy if the domain name is invalid or the proxy is unresponsive. The compromised DNS traffic is therefore exposed to the local network, and based on the description, it is inferred that victim browsing activity and potentially the proxy endpoints could be revealed. This vulnerability is classified as an information exposure flaw (CWE‑200) and does not provide code execution or other destructive capabilities, but it can undermine user privacy and network security.

Affected Systems

The issue affects Mozilla Firefox and Mozilla Thunderbird. Versions released before 140 are vulnerable; both products introduce a patch in version 140 that resolves the DNS tunneling defect.

Risk and Exploitability

The CVSS score of 8.6 positions this flaw in the high severity range, yet its EPSS score of less than 1% indicates a very low probability of being exploited in the wild. It does not appear in the CISA KEV catalog. An attacker likely needs to have a victim use a Multi‑Account Container with a misconfigured or down SOCKS proxy; based on the description, it is inferred that through this scenario the attacker can observe or later manipulate leaked DNS queries. Based on the description, it is inferred that the vulnerability operates from a client side, so the threat is limited to systems where the affected client and containers are in use.

Generated by OpenCVE AI on April 20, 2026 at 18:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Firefox and Thunderbird to version 140 or newer to apply the vendor patch
  • If an update is not immediately possible, disable or avoid enabling Multi‑Account Containers until the upgrade is performed
  • Verify that the SOCKS proxy configuration redirects all outgoing DNS traffic and monitor network connections to confirm that DNS queries are routed through the proxy

Generated by OpenCVE AI on April 20, 2026 at 18:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-21376 When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140 and Thunderbird < 140.
Ubuntu USN Ubuntu USN USN-7991-1 Thunderbird vulnerabilities
History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140 and Thunderbird < 140. When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability was fixed in Firefox 140 and Thunderbird 140.

Thu, 30 Oct 2025 16:30:00 +0000

Type Values Removed Values Added
Title firefox: DNS Requests leaked outside of a configured SOCKS proxy DNS Requests leaked outside of a configured SOCKS proxy

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00058}

 epss

{'score': 0.00055}

Mon, 14 Jul 2025 18:45:00 +0000

Type Values Removed Values Added
Description When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140. When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140 and Thunderbird < 140.
References

Thu, 03 Jul 2025 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
Vendors & Products Mozilla
Mozilla firefox

Thu, 26 Jun 2025 00:30:00 +0000

Type Values Removed Values Added
Title firefox: DNS Requests leaked outside of a configured SOCKS proxy
References
Metrics threat_severity

None

 threat_severity

Low

Wed, 25 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Jun 2025 12:45:00 +0000

Type Values Removed Values Added
Description When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140.
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:31:07.825Z

Reserved: 2025-06-20T14:51:37.854Z

Link: CVE-2025-6432

cve-icon Vulnrichment

Updated: 2025-06-25T14:20:33.868Z

cve-icon NVD

Status : Modified

Published: 2025-06-24T13:15:24.220

Modified: 2026-04-13T15:17:07.637

Link: CVE-2025-6432

cve-icon Redhat

Severity : Low

Publid Date: 2025-06-24T12:28:03Z

Links: CVE-2025-6432 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T18:15:13Z

Weaknesses