Custom Tabs Vulnerability in Firefox by Mozilla
CVE-2025-1939

3.9LOW

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 4 March 2025

What is CVE-2025-1939?

A flaw in the Custom Tabs feature of Firefox enables Android applications to load web pages in a way that can deceive users. By employing a transition animation, attackers might mislead users into inadvertently granting sensitive permissions, while obscuring the true nature of the interactive elements. This poses significant risks to user data security and privacy on affected versions of Firefox.

Affected Version(s)

Firefox < 136

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1928334

https://www.mozilla.org/security/advisories/mfsa2025-14/

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2025
Vulnerability Reserved
Mar 4, 2025

Credit

Philipp Beer