CVE-2025-5270

Summary

In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox139 <= *unaffected
MozillaThunderbird139 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References