Vulnerability Database

296,137

Total vulnerabilities in the database

CVE-2025-6434

The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability affects Firefox < 140 and Thunderbird < 140.

  • Published: Jun 24, 2025
  • Updated: Jul 15, 2025
  • CVE: CVE-2025-6434
  • Exploit:

No technical information available.

No CWE or OWASP classifications available.

Software From Fixed in
mozilla / firefox - 140.0