Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-6433

Опубликовано: 24 июн. 2025
Источник: redhat
CVSS3: 3.4
EPSS Низкий

Описание

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vulnerability affects Firefox < 140.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10firefoxNot affected
Red Hat Enterprise Linux 10rhel10/firefox-flatpakNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 9firefoxNot affected

Показывать по

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=2374567firefox: WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate

EPSS

Процентиль: 8%
0.00034
Низкий

3.4 Low

CVSS3

Связанные уязвимости

CVSS3: 9.8
ubuntu
около 1 месяца назад

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vulnerability affects Firefox < 140.

CVSS3: 9.8
nvd
около 1 месяца назад

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vulnerability affects Firefox < 140.

CVSS3: 9.8
debian
около 1 месяца назад

If a user visited a webpage with an invalid TLS certificate, and grant ...

CVSS3: 9.8
github
около 1 месяца назад

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vulnerability affects Firefox < 140.

CVSS3: 4.3
fstec
около 1 месяца назад

Уязвимость реализации протокола TLS браузера Mozilla Firefox, позволяющая нарушителю обойти существующие ограничения безопасности и получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 8%
0.00034
Низкий

3.4 Low

CVSS3