CNNVD-202506-3078 Information

CNNVD ID

CNNVD-202506-3078

Related CVE

CVE-2025-6433

• CNNVD Published: 2025-06-24

Description (Chinese)

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox 140之前版本存在安全漏洞，该漏洞源于无效TLS证书情况下仍允许WebAuthn挑战，可能导致安全风险。

Description (English)

Mozilla Firefox is an open-source Web browser for the Mozilla Foundation in the United States. There was a security loophole in the previous version of Mozilla Firefox 140, which stemmed from the fact that webAuthn was still allowed to challenge in case of invalid TLS certificates, which could lead to security risks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Mozilla

Published

2025-06-24

Last Modified

2026-02-24

References

https://www.mozilla.org/security/advisories/mfsa2025-51/ https://www.mozilla.org/security/advisories/mfsa2025-54/ https://bugzilla.mozilla.org/show_bug.cgi?id=1954033

Patch

https://www.mozilla.org/en-US/firefox/140.0/releasenotes/