VDB

ANCHORE-2025-0239

ANCHORE-2025-0239 PUBLISHED

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

Affected Products

VendorProductVersions
MozillaFirefox ESR0, 0, 0
MozillaThunderbird129, 0, 129
MozillaFirefox0, 0, 0

Timeline

  • Jan 7, 2025 CVE Published
  • Jan 13, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›