CVE-2025-0244Open Redirect in Mozilla Firefox

CWE-601Open RedirectCWE-451User Interface (UI) Misrepresentation of Critical Information13 documents7 sources
Severity
6.5MEDIUMNVD
NVD5.3CNA5.3OSV5.3
EPSS
7.5%
top 8.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedJan 7

Description

When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 134.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDmozilla/firefox< 134.0

🔴Vulnerability Details

6
CVEList
Address bar spoofing using an invalid protocol scheme on Firefox for Android2025-01-07
GHSA
GHSA-xwpw-pxrm-39pm: When using an invalid protocol scheme, an attacker could spoof the address bar2025-01-07
GHSA
GHSA-68r8-f4jc-vc2p: When redirecting to an invalid protocol scheme, an attacker could spoof the address bar2025-01-07
OSV
CVE-2025-0244: When redirecting to an invalid protocol scheme, an attacker could spoof the address bar2025-01-07
OSV
CVE-2025-0246: When using an invalid protocol scheme, an attacker could spoof the address bar2025-01-07

📋Vendor Advisories

5
Red Hat
firefox: Address bar spoofing using an invalid protocol scheme on Firefox for Android2025-01-07
Red Hat
firefox: Address bar spoofing using an invalid protocol scheme on Firefox for Android2025-01-07
Debian
CVE-2025-0244: firefox - When redirecting to an invalid protocol scheme, an attacker could spoof the addr...2025
Debian
CVE-2025-0246: firefox - When using an invalid protocol scheme, an attacker could spoof the address bar. ...2025
Mozilla
Mozilla Foundation Security Advisory 2025-01: CVE-2025-0244
CVE-2025-0244 — Open Redirect in Mozilla Firefox | cvebase