The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Mozilla
Information Disclosure
Firefox
Firefox Esr
Thunderbird
NVD
CVSS 3.1
3.1
EPSS
0.9%