Obscured Confirmation Prompt in Mozilla Firefox for Android
CVE-2025-1940

7.1HIGH

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 4 March 2025

Summary

A security vulnerability in Mozilla Firefox for Android allows an external application launch prompt to be partially obscured by a select option. This flaw presents a risk, as it may deceive users into unintentionally triggering external apps. Users of Firefox versions older than 136 are particularly vulnerable. Mozilla has acknowledged this issue and highlighted its potential impact on user security.

Affected Version(s)

Firefox < 136

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1908488

https://www.mozilla.org/security/advisories/mfsa2025-14/

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 4, 2025
Vulnerability Reserved
Mar 4, 2025

Credit

Shaheen Fazim