Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-6433

Опубликовано: 24 июн. 2025
Источник: debian
EPSS Низкий

Описание

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vulnerability affects Firefox < 140 and Thunderbird < 140.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed140.0-1package

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6433

EPSS

Процентиль: 7%
0.00031
Низкий

Связанные уязвимости

CVSS3: 9.8
ubuntu
около 1 месяца назад

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vulnerability affects Firefox < 140.

CVSS3: 3.4
redhat
около 1 месяца назад

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vulnerability affects Firefox < 140 and Thunderbird < 140.

CVSS3: 9.8
nvd
около 1 месяца назад

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vulnerability affects Firefox < 140 and Thunderbird < 140.

CVSS3: 9.8
github
около 1 месяца назад

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vulnerability affects Firefox < 140.

CVSS3: 4.3
fstec
около 1 месяца назад

Уязвимость реализации протокола TLS браузера Mozilla Firefox, позволяющая нарушителю обойти существующие ограничения безопасности и получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 7%
0.00031
Низкий