Primary

Context

Mozilla Firefox HTTPS-Only Feature Clickjacking Vulnerability

Vulnerability

Patched

A vulnerability in Mozilla Firefox's HTTPS-Only feature exception page allowed for potential clickjacking attacks. The page, which appears when a website is accessed via HTTP, did not include a delay to prevent such attacks. This flaw could have enabled an attacker to manipulate a user into accepting an exception and loading a webpage over HTTP. The vulnerability affects Firefox versions prior to 140.

Impact

Exploitation of this vulnerability could have led to unauthorized loading of webpages over HTTP, bypassing the HTTPS-Only security feature.

Remediation

Users can update to Firefox version 140 or later to address this vulnerability.

Added: Jun 24, 2025, 1:35 PM

Updated: Jun 24, 2025, 1:35 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.4

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.4

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mozilla Firefox HTTPS-Only Feature Clickjacking Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Mozilla Firefox

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating