CVE-2025-0245 — Missing Authentication for Critical Function in Mozilla Firefox
Severity
9.1CRITICALNVD
NVD3.3CNA3.3OSV3.3
EPSS
0.0%
top 99.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 7
Latest updateMar 4
Description
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability was fixed in Firefox 134.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4
Affected Packages1 packages
🔴Vulnerability Details
6OSV▶
CVE-2025-1941: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-↗2025-03-04
GHSA▶
GHSA-m793-xp46-r76w: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-↗2025-03-04
OSV▶
CVE-2025-0245: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed↗2025-01-07
📋Vendor Advisories
6💬Community
1Bugzilla
▶