CVE-2025-0239

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-0239

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-0239.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-0239

Downstream

DEBIAN-CVE-2025-0239

DLA-4011-1

DLA-4012-1

DSA-5839-1

DSA-5841-1

OESA-2025-1049

OESA-2025-1050

OESA-2025-1835

RHSA-2025:0080

RHSA-2025:0132

RHSA-2025:0133

RHSA-2025:0134

RHSA-2025:0135

RHSA-2025:0136

RHSA-2025:0137

RHSA-2025:0138

RHSA-2025:0144

RHSA-2025:0147

RHSA-2025:0162

RHSA-2025:0165

RHSA-2025:0166

RHSA-2025:0167

RHSA-2025:0275

RHSA-2025:0281

RHSA-2025:0284

RHSA-2025:0286

RHSA-2025:0287

RLSA-2025:0144

SUSE-SU-2025:0056-1

SUSE-SU-2025:0059-1

SUSE-SU-2025:0080-1

UBUNTU-CVE-2025-0239

USN-7191-1

USN-7991-1

openSUSE-SU-2025:14619-1

openSUSE-SU-2025:14630-1

openSUSE-SU-2025:14648-1

openSUSE-SU-2025:14764-1

Related

Withdrawn

2026-01-27T04:19:53.221168Z

Published

2025-01-07T16:15:38Z

Modified

2026-01-27T04:19:53.221168Z

Summary

[none]

Details

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

References

Affected packages