Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-6434

Опубликовано: 24 июн. 2025
Источник: redhat
CVSS3: 3.4
EPSS Низкий

Описание

The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability affects Firefox < 140 and Thunderbird < 140.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10firefoxNot affected
Red Hat Enterprise Linux 10rhel10/firefox-flatpakNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 9firefoxNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=2374566firefox: HTTPS-Only exception screen lacked anti-clickjacking delay

EPSS

Процентиль: 7%
0.00028
Низкий

3.4 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-6434

CVSS3: 4.3
ubuntu
6 месяцев назад

The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability affects Firefox < 140 and Thunderbird < 140.

nvd логотип

CVE-2025-6434

CVSS3: 4.3
nvd
6 месяцев назад

The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability affects Firefox < 140 and Thunderbird < 140.

debian логотип

CVE-2025-6434

CVSS3: 4.3
debian
6 месяцев назад

The exception page for the HTTPS-Only feature, displayed when a websit ...

github логотип

GHSA-87mm-rg9r-h8wm

CVSS3: 4.3
github
6 месяцев назад

The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability affects Firefox < 140.

fstec логотип

BDU:2025-07647

CVSS3: 4.3
fstec
6 месяцев назад

Уязвимость режима HTTPS-Only Mode браузера Mozilla Firefox, позволяющая нарушителю провести атаку типа clickjacking («захват клика»)

EPSS

Процентиль: 7%
0.00028
Низкий

3.4 Low

CVSS3