User Interface Vulnerability in Firefox and Firefox Focus for Android
CVE-2025-11720
Currently unrated
What is CVE-2025-11720?
A user interface vulnerability in Firefox and Firefox Focus for Android allows attackers to abuse the custom tab feature. The custom tab UI displays only the site that is loaded, which can mislead users about the origin of the content they are viewing. An attacker could use this to trick a user into believing they are interacting with a legitimate subdomain when, in fact, they are not. As a result, sensitive information could be exposed to unauthorized parties, so users should remain vigilant when accessing content from various domains.
Affected Version(s)
Firefox < 144