CVE-2025-0245: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability was…

CVE-2025-1941 [LOW] CVE-2025-1941: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE- Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136.

CVE-2025-1941 [LOW] CWE-284 GHSA-m793-xp46-r76w: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE- Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136.

CVE-2025-0245 [LOW] CVE-2025-0245: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox < 134.

CVE-2025-0245 [LOW] GHSA-2g52-qw8q-wfr9: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox < 134.

CVE-2025-1941 [LOW] CWE-306 firefox: Lock screen setting bypass in Firefox Focus for Android firefox: Lock screen setting bypass in Firefox Focus for Android Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136. A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could be bypassed (distinct from CVE-2025-0245). Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. This CVE is specific to Firefox Focus for Android. No Red Hat products are affected. Package: firefox (Red Hat Enterprise Linux 10) - Fix deferre

CVE-2025-0245 [LOW] CWE-288 firefox: Lock screen setting bypass in Firefox Focus for Android firefox: Lock screen setting bypass in Firefox Focus for Android Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox < 134. The Mozilla Foundation's Security Advisory: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could be bypassed. Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. This vulnerability is specific to Firefox Focus in Android. Red Hat is not affected. Package: firefox (Red Hat Enterprise Linux 10) - Not affected Package: firefox (Red Hat Enterprise Linux 6) - Not affected Package: firefox (Red Hat Enterprise Linux 7) - Not af

CVE-2025-0245 [LOW] CVE-2025-0245: firefox - Under certain circumstances, a user opt-in setting that Focus should require aut... Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox < 134. Scope: local sid: resolved

CVE-2025-1941 [LOW] CVE-2025-1941: firefox - Under certain circumstances, a user opt-in setting that Focus should require aut... Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136. Scope: local sid: resolved

CVE-2025-0245 [LOW] Mozilla Foundation Security Advisory 2025-14: CVE-2025-0245 Mozilla Foundation Security Advisory 2025-14 CVE: CVE-2025-0245 Product: Firefox Impact: high Fixed in: Firefox 136

CVE-2025-0245 [LOW] Mozilla Foundation Security Advisory 2025-01: CVE-2025-0245 Mozilla Foundation Security Advisory 2025-01 CVE: CVE-2025-0245 Product: Firefox Impact: high Fixed in: Firefox 134

[LOW] Firefox Focus security bug: "Use fingerprint to unlock app" bypass (new variant) Firefox Focus security bug: "Use fingerprint to unlock app" bypass (new variant) Created attachment 9462612 Firefox Focus unlock bug 2.webm In Firefox Focus there is a setting that says "Use fingerprint to unlock app". When enabled, the user must first authenticate. The app should be locked if the user does not authenticate. The bug is that this authentication step can be circumvented allowing fully access to the app (including browser history by pressing the "page back" button, and including the ability to switch to other open tabs). I reported a similar bug earlier: bug 1895342 (CVE-2025-0245). I believe this bug is new, because: - It can be triggered on version 134.0.1 and 134.0.2, and bug 1895342 is fixed in 134) - It is not triggered in exactly the same way (requires clicking sear