CVE-2025-0246User Interface (UI) Misrepresentation of Critical Information in Mozilla Firefox

CWE-451User Interface (UI) Misrepresentation of Critical Information7 documents7 sources
Severity
6.5MEDIUMNVD
CNA5.3OSV5.3
EPSS
0.1%
top 66.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedJan 7

Description

When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability was fixed in Firefox 134.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

NVDmozilla/firefox< 134.0

🔴Vulnerability Details

3
CVEList
Address bar spoofing using an invalid protocol scheme on Firefox for Android2025-01-07
GHSA
GHSA-xwpw-pxrm-39pm: When using an invalid protocol scheme, an attacker could spoof the address bar2025-01-07
OSV
CVE-2025-0246: When using an invalid protocol scheme, an attacker could spoof the address bar2025-01-07

📋Vendor Advisories

3
Red Hat
firefox: Address bar spoofing using an invalid protocol scheme on Firefox for Android2025-01-07
Debian
CVE-2025-0246: firefox - When using an invalid protocol scheme, an attacker could spoof the address bar. ...2025
Mozilla
Mozilla Foundation Security Advisory 2025-01: CVE-2025-0246
CVE-2025-0246 — Mozilla Firefox vulnerability | cvebase