5 matches found
curl: PROTOCOL-LEVEL: Persistent UDP Amplification and Cache Poisoning via Alt-Svc Logic Flaw
Summary A structural logic flaw in the libcurl Alt-Svc header parser allows attack attributes specifically persist and max-age to "leak" from one service definition to another. We have successfully chained this logic bug with curl's HTTP/3 QUIC support to demonstrate a Persistent UDP Amplificatio...
firefox: Alt-Svc ALPN validation failure when redirected
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...
firefox: Alt-Svc ALPN validation failure when redirected
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...
firefox: Alt-Svc ALPN validation failure when redirected
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...
CVE-2025-0239
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...