CVE-2025-6433 Information

Description

If a user visited a webpage with an invalid TLS certificate and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthn spec, which requires secure transport established without errors. This vulnerability affects Firefox < 140.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1954033
https://www.mozilla.org/security/advisories/mfsa2025-51/

CNNVD-202506-3078 (Published: 2025-06-24)
