User Interface Vulnerability in Firefox and Firefox Focus for Android
CVE-2025-11720

8.1 HIGH

Key Information:

Vendor

Mozilla

Status
Vendor
CVE Published: 14 October 2025

What is CVE-2025-11720?

A user interface vulnerability in Firefox and Firefox Focus on Android affects the custom tab feature. The custom tab UI displays only the site that is loaded, which can mislead users about the origin of the content they are viewing. An attacker could use this to trick a user into believing they are interacting with a legitimate subdomain when, in fact, they are not. As a result, sensitive information could be exposed to unauthorized parties, so users should remain vigilant when accessing content from various domains.

Affected Version(s)

Firefox < 144

References

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michel Le Bihan