Medium severity 4.0 · NVD Advisory · Published Jan 7, 2025 · Updated Apr 13, 2026
CVE-2025-0239
Description
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.
Affected products (34)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* range: <134.0
- cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* range: <128.6.0
- (no CPE) range: <128.6
- (no CPE) range: <134
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* range: <128.6.0
- (no CPE) range: <134
osv-coords (28 versions)
- pkg:apk/chainguard/firefox (no CPE) range: < 134.0-r0
- pkg:apk/chainguard/firefox-esr (no CPE) range: < 128.6.0-r0
- pkg:apk/wolfi/firefox (no CPE) range: < 134.0-r0
- pkg:rpm/almalinux/firefox (no CPE) range: < 128.6.0-1.el9_5
- pkg:rpm/almalinux/firefox-x11 (no CPE) range: < 128.6.0-1.el9_5
- pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed (no CPE) range: < 128.6.0-1.1
- pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.6 (no CPE) range: < 128.6.0-150200.152.167.1
- pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed (no CPE) range: < 134.0-1.1
- pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.6 (no CPE) range: < 128.6.0-150200.8.197.1
- pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed (no CPE) range: < 128.6.0-1.1
- pkg:rpm/opensuse/mozjs128&distro=openSUSE%20Tumbleweed (no CPE) range: < 128.7.0-1.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%207.1 (no CPE) range: < 128.6.0-150200.152.167.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS (no CPE) range: < 128.6.0-150200.152.167.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (no CPE) range: < 128.6.0-150200.152.167.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (no CPE) range: < 128.6.0-150200.152.167.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS (no CPE) range: < 128.6.0-150200.152.167.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS (no CPE) range: < 128.6.0-150200.152.167.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6 (no CPE) range: < 128.6.0-150200.152.167.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS (no CPE) range: < 128.6.0-112.243.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS (no CPE) range: < 128.6.0-150200.152.167.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS (no CPE) range: < 128.6.0-150200.152.167.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS (no CPE) range: < 128.6.0-150200.152.167.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 (no CPE) range: < 128.6.0-150200.152.167.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 (no CPE) range: < 128.6.0-150200.152.167.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 (no CPE) range: < 128.6.0-150200.152.167.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 (no CPE) range: < 128.6.0-112.243.1
- pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6 (no CPE) range: < 128.6.0-150200.8.197.1
- pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6 (no CPE) range: < 128.6.0-150200.8.197.1
References (6)
- www.mozilla.org/security/advisories/mfsa2025-01/ (nvd, Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2025-02/ (nvd, Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2025-04/ (nvd, Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2025-05/ (nvd, Vendor Advisory)
- bugzilla.mozilla.org/show_bug.cgi (nvd, Issue Tracking, Permissions Required)
- lists.debian.org/debian-lts-announce/2025/01/msg00004.html (nvd)