Cross-Site Scripting Vulnerability in Firefox by Mozilla
CVE-2025-11152

8.6HIGH

Key Information:

Vendor

Mozilla
Status
Firefox
Vendor
CVE Published:
30 September 2025

What is CVE-2025-11152?

A Cross-Site Scripting vulnerability has been identified in Firefox versions prior to 143.0.3, which may allow an attacker to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions or data exposure.

Affected Version(s)

Firefox < 143.0.3

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1987246
https://www.mozilla.org/security/advisories/mfsa2025-80/

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Oskar L
JSON
.