#VU111894 Improperly implemented security check for standard in Mozilla Firefox and Firefox for Android - CVE-2025-6433
Published: June 24, 2025
Vulnerability identifier: #VU111894
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-6433
CWE-ID: CWE-358
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Mozilla Firefox
Firefox for Android
Mozilla Firefox
Firefox for Android
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when handling invalid TLS certificates. If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors".
Remediation
Install updates from vendor's website.