Mozilla Firefox and Thunderbird Alt-Svc ALPN Validation Vulnerability

A vulnerability exists in Mozilla Firefox versions prior to 134, Firefox ESR versions prior to 128.6, and Thunderbird versions prior to 134 and Thunderbird ESR versions prior to 128.6. When using Alt-Svc, the Application-Layer Protocol Negotiation (ALPN) did not correctly validate certificates during redirections from secure to insecure sites. This flaw could potentially be exploited to intercept or manipulate communications.

Impact

Exploitation of this vulnerability could lead to improper validation of certificates, allowing for potential interception or manipulation of communications.

Remediation

Users can upgrade to Firefox 134, Firefox ESR 128.6, Thunderbird 134, or Thunderbird ESR 128.6 to address this vulnerability.