Authentication Bypass Vulnerability in Firefox Browser by Mozilla
CVE-2025-1941

9.1CRITICAL

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 4 March 2025

Summary

A vulnerability exists in the Firefox browser, where an authentication opt-in setting meant to secure the 'Focus' feature can be bypassed in specific circumstances. This flaw may allow unauthorized access to functionalities that require user authentication, potentially exposing sensitive user data. Users running versions below Firefox 136 are particularly at risk and should prioritize updating to mitigate this risk effectively.

Affected Version(s)

Firefox < 136

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1944665

https://www.mozilla.org/security/advisories/mfsa2025-14/

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 4, 2025
Vulnerability Reserved
Mar 4, 2025

Credit

Jurrie Overgoor