CVE-2025-0239 The advisory has been revoked - it doesn't affect any version of package firefox  (opens in a new tab)


Threat Intelligence

EPSS
0.03% (7th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UBUNTU2004-FIREFOX-8604051
  • published9 Jan 2025
  • disclosed7 Jan 2025

Introduced: 7 Jan 2025

CVE-2025-0239  (opens in a new tab)

Amendment

The Ubuntu security team deemed this advisory irrelevant for Ubuntu:20.04.

NVD Description

Note: Versions mentioned in the description apply only to the upstream firefox package and not the firefox package as distributed by Ubuntu.

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.