Mozilla Firefox WebAuthn Vulnerability Over Invalid TLS Certificate

Vulnerability

A vulnerability in Mozilla Firefox allows a webpage served with an invalid TLS certificate to present a WebAuthn challenge, which the user is then prompted to complete. This contradicts the WebAuthn specification, which requires WebAuthn operations to take place only over a secure transport with no certificate errors. The issue arises once the user has accepted a certificate exception for the invalid certificate. This vulnerability affects Firefox versions prior to 140.

Impact

Exploitation of this vulnerability could lead to unauthorized WebAuthn assertions: a user may inadvertently complete an authentication challenge for a website whose TLS certificate is invalid, which the browser should have refused to do.

Remediation

Update Firefox to version 140, which addresses this vulnerability.

Added: Jun 24, 2025, 1:18 PM
Updated: Jun 24, 2025, 1:18 PM

Vulnerability Rating

Custom Algorithm

spread:         8.4
impact:         0.6
exploitability: 4.4
remediation:    7.7
relevance:      0.2
threat:         0.0
urgency:        2.9
incentive:      0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.