CVE-2025-1940

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 136.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1908488	Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2025-14/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

History

03 Apr 2025, 13:30

Type	Values Removed	Values Added
Summary		(es) Una opción de selección podría ocultar parcialmente el mensaje de confirmación que se muestra antes de iniciar aplicaciones externas. Esto podría usarse para engañar a un usuario para que inicie una aplicación externa inesperadamente. Este problema solo afecta a las versiones de Firefox para Android. Esta vulnerabilidad afecta a Firefox anterior a la versión 136.
CPE		cpe:2.3:a:mozilla:firefox::::::::
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1908488 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1908488 - Issue Tracking
References	~~() https://www.mozilla.org/security/advisories/mfsa2025-14/ -~~	() https://www.mozilla.org/security/advisories/mfsa2025-14/ - Vendor Advisory
First Time		Mozilla Mozilla firefox

04 Mar 2025, 16:15

Type	Values Removed	Values Added
CWE		CWE-1021
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1

04 Mar 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-04 14:15

Updated : 2025-04-03 13:30

NVD link : CVE-2025-1940

Mitre link : CVE-2025-1940

CVE.ORG link : CVE-2025-1940

JSON object : View

Products Affected

mozilla

firefox

CWE

CWE-1021

Improper Restriction of Rendered UI Layers or Frames

7.1 /10