CVE-2025-6433 – “Firefox WebAuthn TLS Certificate Exception Vulnerability”

June 24, 2025

CVE ID : CVE-2025-6433

Published : June 24, 2025, 1:15 p.m. | 1 hour, 23 minutes ago

Description : If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires “a secure transport established without errors”. This vulnerability affects Firefox
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6566 – Oatpp Oat++ JSON DeserializeArray Stack-Based Buffer Overflow Vulnerability

Next Article CVE-2025-6431 – “Firefox for Android External Application Bypass Vulnerability”

Highlights

CVE-2025-20154 – Cisco TWAMP Server Out-of-Bounds Array Access Denial of Service Vulnerability

May 7, 2025

CVE ID : CVE-2025-20154

Published : May 7, 2025, 6:15 p.m. | 1 hour, 29 minutes ago

Description : A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server process to reload unexpectedly if debugs are enabled.

This vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending crafted TWAMP control packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Note: For Cisco IOS XR Software, only the ipsla_ippm_server process reloads unexpectedly and only when debugs are enabled. The vulnerability details for Cisco IOS XR Software are as follows: Security Impact Rating (SIR): Low CVSS Base Score: 3.7 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-6433 – “Firefox WebAuthn TLS Certificate Exception Vulnerability”

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Orange Pi RV2 Single Board Computer Running Linux: Building a Program

This month in security with Tony Anscombe – May 2025 edition

Ubisoft says you don’t own your video games, read the fine print

Graylog Flaw (CVE-2025-53106, CVSS 8.8): Privilege Escalation Via API Token Abuse

CVE-2025-20154 – Cisco TWAMP Server Out-of-Bounds Array Access Denial of Service Vulnerability

CVE-2025-37992 – Linux Kernel net_sched NULL Pointer Dereference Vulnerability

ByteDance Open-Sources DeerFlow: A Modular Multi-Agent Framework for Deep Research Automation

CVE-2025-39460 – ThimPress Eduma Missing Authorization Vulnerability

CVE-2025-6433 – “Firefox WebAuthn TLS Certificate Exception Vulnerability”

Related Posts