8 matches found
EUVD-2025-19088
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-6433
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would ...
Security Vulnerabilities fixed in Thunderbird 140 — Mozilla
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. Th...
Mozilla Thunderbird < 140.0
The version of Thunderbird installed on the remote Windows host is prior to 140.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-54 advisory. - Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory...
CVE-2025-6433
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This...
CVE-2025-6433 WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This...
PT-2025-26730
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The issue arises when a user visits a webpage with an invalid TLS certificate and grants an exception. In this scenario, the webpage can provide a WebAuthn challenge that the user is prompted to...
Astra Linux – Vulnerability in Firefox
If a user visited a webpage with an invalid TLS certificate and granted an exception, the webpage was able to present a WebAuthn challenge that the user was prompted to complete. This violates the WebAuthN specification, which requires a secure transport connection without errors. This...