CVE-2025-5270: Vulnerability in Mozilla Firefox
In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139.
AI Analysis
Technical Summary
This vulnerability involves the leakage of the Server Name Indication (SNI) in certain cases where it was sent unencrypted even though encrypted DNS was enabled in Mozilla Firefox. The SNI is part of the TLS handshake and can reveal the hostname a user is connecting to, potentially exposing browsing activity. The issue was fixed in Firefox 139. The CVSS 3.1 score of 7.5 reflects a network attack vector with low attack complexity, no privileges or user interaction required, and high confidentiality impact but no integrity or availability impact.
Potential Impact
The impact is the potential exposure of the hostname information via unencrypted SNI, which could allow an attacker monitoring network traffic to infer which sites a user is visiting despite encrypted DNS being enabled. This compromises confidentiality but does not affect integrity or availability. No known exploitation in the wild has been reported.
Mitigation Recommendations
This vulnerability has been fixed in Mozilla Firefox version 139. Users and administrators should update to Firefox 139 or later to remediate this issue. Since the fix is officially released by Mozilla, no additional mitigation steps are required beyond applying the update.
CVE-2025-5270: Vulnerability in Mozilla Firefox
Description
In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves the leakage of the Server Name Indication (SNI) in certain cases where it was sent unencrypted even though encrypted DNS was enabled in Mozilla Firefox. The SNI is part of the TLS handshake and can reveal the hostname a user is connecting to, potentially exposing browsing activity. The issue was fixed in Firefox 139. The CVSS 3.1 score of 7.5 reflects a network attack vector with low attack complexity, no privileges or user interaction required, and high confidentiality impact but no integrity or availability impact.
Potential Impact
The impact is the potential exposure of the hostname information via unencrypted SNI, which could allow an attacker monitoring network traffic to infer which sites a user is visiting despite encrypted DNS being enabled. This compromises confidentiality but does not affect integrity or availability. No known exploitation in the wild has been reported.
Mitigation Recommendations
This vulnerability has been fixed in Mozilla Firefox version 139. Users and administrators should update to Firefox 139 or later to remediate this issue. Since the fix is officially released by Mozilla, no additional mitigation steps are required beyond applying the update.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-05-27T12:29:28.241Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 6835b383182aa0cae2110aff
Added to database: 5/27/2025, 12:43:47 PM
Last enriched: 4/14/2026, 11:50:20 AM
Last updated: 5/8/2026, 8:56:26 PM
Views: 110
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.