
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability classified as problematic was discovered in Comodo Dragon browser versions up to 134.0.6998.179, identified as CVE-2025-8204. The vulnerability affects the HSTS (HTTP Strict Transport Security) Handler component and involves improper implementation of security checks for standard protocols. The issue was initially disclosed on July 25, 2025, and the vendor was contacted but did not respond to the disclosure (VulDB, NVD).
The vulnerability stems from an improperly implemented security check in the HSTS Handler component (CWE-358). Browsers such as Chromium prevent users from connecting to a website with an invalid certificate when HSTS is enabled. Comodo Dragon, by default, has HSTS disabled, which allows users to proceed to websites with invalid certificates by clicking the "Proceed to website" option. The vulnerability has received a CVSS v3.1 base score of 3.7 (LOW) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N (NVD, FMISec).
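The check that an HSTS-enforcing browser applies before offering a certificate-error override can be modelled as follows. This is an added example based on RFC 6797, not code from Comodo Dragon, Chromium, or the advisory sources; the function and class names are hypothetical, and any host names used with it are constructed samples.

```javascript
// Added example: RFC 6797 HSTS policy handling (illustrative model only).

// Parse a Strict-Transport-Security header value; returns null if invalid.
function parseSts(value) {
  const seen = new Map();
  for (const part of value.split(';')) {
    const d = part.trim();
    if (d === '') continue;
    const eq = d.indexOf('=');
    const name = (eq < 0 ? d : d.slice(0, eq)).trim().toLowerCase();
    const arg = eq < 0 ? null : d.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    if (seen.has(name)) return null; // a repeated directive invalidates the header
    seen.set(name, arg);             // unrecognized directives are kept but ignored
  }
  const maxAge = seen.get('max-age');
  if (maxAge == null || !/^\d+$/.test(maxAge)) return null; // max-age is required
  return { maxAge: Number(maxAge), includeSubDomains: seen.has('includesubdomains') };
}

class HstsStore {
  constructor() { this.hosts = new Map(); }

  // Record a policy. Call only for headers received over error-free TLS.
  note(host, headerValue, nowSec) {
    const policy = parseSts(headerValue);
    if (!policy) return;
    const key = host.toLowerCase();
    if (policy.maxAge === 0) { this.hosts.delete(key); return; } // max-age=0 removes the host
    this.hosts.set(key, { expires: nowSec + policy.maxAge,
                          includeSubDomains: policy.includeSubDomains });
  }

  // True if the host, or a superdomain with includeSubDomains, has a live policy.
  isKnownHstsHost(host, nowSec) {
    const labels = host.toLowerCase().split('.');
    for (let i = 0; i < labels.length; i++) {
      const entry = this.hosts.get(labels.slice(i).join('.'));
      if (entry && entry.expires > nowSec && (i === 0 || entry.includeSubDomains)) return true;
    }
    return false;
  }
}

// For a Known HSTS Host, a certificate error must end the connection with no
// user override; only hosts without a policy may show a click-through option.
function certErrorAction(store, host, nowSec) {
  return store.isKnownHstsHost(host, nowSec) ? 'block' : 'allow-override';
}
```

With HSTS disabled, as the advisory describes, every host falls into the `'allow-override'` branch regardless of the policy the site has published.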
The vulnerability allows attackers to potentially direct users to spoofed websites despite invalid SSL certificates, which would normally be blocked by HSTS security measures. This creates a risk where users might unknowingly connect to malicious websites, potentially exposing them to phishing attacks and other security threats (FMISec).
No official patches or mitigations have been provided by the vendor, which has not responded to the disclosure. Consider using alternative browsers that properly implement HSTS security measures (VulDB).
Source: This report was generated using AI