URL Opening Vulnerability in Firefox for iOS by Mozilla
CVE-2025-27425

4.3MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox For iOS
Vendor: CVE Published:; 4 March 2025

What is CVE-2025-27425?

This vulnerability allows certain QR codes containing text with a website URL to be opened directly without a user confirmation prompt. Users of Firefox for iOS versions prior to 136 may unknowingly navigate to potentially malicious sites, posing a risk of phishing or other security threats. It highlights the importance of user awareness when interacting with automated URL openings from QR codes.

Affected Version(s)

Firefox for iOS 136

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1941525

https://www.mozilla.org/security/advisories/mfsa2025-13/

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2025
Vulnerability Reserved
Feb 24, 2025

Credit

Abhinav Khanna

CVE-2025-27425 Data

JSON