PT-2025-22995 · Mozilla+4 · Firefox+4

Xiulou

Published

2025-05-27

Updated

2026-02-02

CVE-2025-5270

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 139

Description The issue arises when SNI (Server Name Indication) could be sent unencrypted despite having encrypted DNS enabled. This affects Firefox, potentially exposing user data.

Recommendations For versions prior to 139, update to version 139 or later to resolve the issue.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

ALT-PU-2025-11100

ALT-PU-2025-11495

ALT-PU-2025-11497

ALT-PU-2025-14599

ALT-PU-2025-8611

ALT-PU-2025-8725

BDU:2025-06226

CVE-2025-5270

OPENSUSE-SU-2025:15196-1

USN-7991-1

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2025-22995 · Mozilla+4 · Firefox+4

CVE-2025-5270

Weakness Enumeration

Related Identifiers

Affected Products

References · 145