Vulnerability CVE-2025-0239: Information

Description

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

Published: Jan. 7, 2025
Modified: Jan. 14, 2025

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus134.0-alt1134.0-alt1ALT-PU-2025-1063-2368493Fixed
firefox-esrsisyphus128.6.0-alt1128.6.0-alt1ALT-PU-2025-1055-2368492Fixed
firefox-esrp11128.6.0-alt1128.5.2-alt1ALT-PU-2025-1154-3369303Fixed
thunderbirdsisyphus128.6.0-alt1128.6.0-alt1ALT-PU-2025-1061-2368499Fixed
thunderbirdsisyphus_riscv64128.6.0-alt1128.6.0-alt1ALT-PU-2025-1139-1-Fixed
thunderbirdsisyphus_loongarch64128.6.0-alt1128.6.0-alt1ALT-PU-2025-1146-1-Fixed

References to Advisories, Solutions, and Tools