CVE-2025-0239

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-0239

Severity

Unknown

Description

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

References

https://images.chainguard.dev/security/CGA-p9c4-f525-g92c
https://github.com/advisories/GHSA-p4q7-g7ff-823j
https://images.chainguard.dev/security/CGA-hrwf-5wxm-58jc
https://www.mozilla.org/security/advisories/mfsa2025-01/
https://www.mozilla.org/security/advisories/mfsa2025-02/
https://www.mozilla.org/security/advisories/mfsa2025-04/
https://www.mozilla.org/security/advisories/mfsa2025-05/
https://bugzilla.mozilla.org/show_bug.cgi?id=1929156

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2025-0239

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company