CVE-2025-6434

Description

The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability affects Firefox < 140 and Thunderbird < 140.

Risk Information

Base Score: 4.3 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score (Exploitation Probability): 0.042

Associated Vulnerability

| Vulnerability | OS Platform |
| --- | --- |
| Multiple vulnerabilities are fixed in Mozilla Firefox (140.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox (x64) (140.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird (140.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird (x64) (140.0) | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 139.99 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 139.99 | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (140.0) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (140.0.1) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (140.0.2) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (140.0.4) | Mac |
| SUSE-SU-2025:02529-1 (Desktop Applications Module 15 SP7) MozillaFirefox-translations-other-140.1.0-150200.152.193.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02529-1 (Desktop Applications Module 15 SP6) MozillaFirefox-translations-other-140.1.0-150200.152.193.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02529-1 (Desktop Applications Module 15 SP7) MozillaFirefox-translations-common-140.1.0-150200.152.193.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02529-1 (Desktop Applications Module 15 SP6) MozillaFirefox-translations-common-140.1.0-150200.152.193.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02529-1 (Desktop Applications Module 15 SP7) MozillaFirefox-devel-140.1.0-150200.152.193.1.noarch.rpm | Linux |
| SUSE-SU-2025:02529-1 (Desktop Applications Module 15 SP6) MozillaFirefox-devel-140.1.0-150200.152.193.1.noarch.rpm | Linux |
| SUSE-SU-2025:02529-1 (Desktop Applications Module 15 SP7) MozillaFirefox-debugsource-140.1.0-150200.152.193.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02529-1 (Desktop Applications Module 15 SP6) MozillaFirefox-debugsource-140.1.0-150200.152.193.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02529-1 (Desktop Applications Module 15 SP7) MozillaFirefox-debuginfo-140.1.0-150200.152.193.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02529-1 (Desktop Applications Module 15 SP6) MozillaFirefox-debuginfo-140.1.0-150200.152.193.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02529-1 (Desktop Applications Module 15 SP7) MozillaFirefox-branding-SLE-140-150200.9.21.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02529-1 (Desktop Applications Module 15 SP6) MozillaFirefox-branding-SLE-140-150200.9.21.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02529-1 (Desktop Applications Module 15 SP7) MozillaFirefox-140.1.0-150200.152.193.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02529-1 (Desktop Applications Module 15 SP6) MozillaFirefox-140.1.0-150200.152.193.1.x86_64.rpm | Linux |

Patch Details

Patches provided by ManageEngine for this CVE:

| Patch ID | Patch Description |
| --- | --- |
| PATCH-349138 | Mozilla Firefox (140.0) |
| PATCH-349139 | Mozilla Firefox (x64) (140.0) |
| PATCH-349424 | Mozilla Thunderbird (140.0) |
| PATCH-349425 | Mozilla Thunderbird (x64) (140.0) |
| PATCH-351030 | Mozilla Firefox (x64) (142.0.1) |
| PATCH-351029 | Mozilla Firefox (142.0.1) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234