CVE-2025-6433 WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthn spec, which requires "a secure transport established without errors". This...
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 140. It stems from the browser allowing WebAuthn challenges despite invalid TLS certificates, which could lead to security risks...