CVE-2025-6434 Information
Jun 26, 2025
cve
Description
The exception page for the HTTPS-Only feature displayed when a website is opened via HTTP lacked an anti-clickjacking delay potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability affects Firefox < 140.
Reference
https://bugzilla.mozilla.org/show_bug.cgi?id=1955182 https://www.mozilla.org/security/advisories/mfsa2025-51/
Related CNNVD
CNNVD-202506-3080 (Published: 2025-06-24)
Share on: