CVE-2025-0246
published 2025-01-07CVE-2025-0246: When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating…
medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
When using an invalid protocol scheme, an attacker could spoof the address bar.
*Note: This issue only affected Android operating systems. Other operating systems are unaffected.*
*Note: This issue is a different issue from CVE-2025-0244. This vulnerability was fixed in Firefox 134.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| mozilla | firefox | < 134.0 | 134.0 |
| mozilla | firefox | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
osv5.3MEDIUM
Red Hat
firefox: Address bar spoofing using an invalid protocol scheme on Firefox for Android
vendor_redhat·2025-01-07·CVSS 5.3
CVE-2025-0246 [MEDIUM] CWE-451 firefox: Address bar spoofing using an invalid protocol scheme on Firefox for Android
firefox: Address bar spoofing using an invalid protocol scheme on Firefox for Android
When using an invalid protocol scheme, an attacker could spoof the address bar.
*Note: This issue only affected Android operating systems. Other operating systems are unaffected.*
*Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134.
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory: When using an invalid protocol scheme, an attacker could spoof the address bar. Note: This issue is different than CVE-2025-0244.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. This issue only affects Android operating systems. Other operating systems are unaffected.
Package:
Debian
CVE-2025-0246: firefox - When using an invalid protocol scheme, an attacker could spoof the address bar. ...
vendor_debian·2025·CVSS 5.3
CVE-2025-0246 [MEDIUM] CVE-2025-0246: firefox - When using an invalid protocol scheme, an attacker could spoof the address bar. ...
When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2025-01: CVE-2025-0246
vendor_mozilla·CVSS 6.5
CVE-2025-0246 [MEDIUM] Mozilla Foundation Security Advisory 2025-01: CVE-2025-0246
Mozilla Foundation Security Advisory 2025-01
CVE: CVE-2025-0246
Product: Firefox
Impact: high
Fixed in: Firefox 134
GHSA
GHSA-xwpw-pxrm-39pm: When using an invalid protocol scheme, an attacker could spoof the address bar
ghsa_unreviewed·2025-01-07·CVSS 5.3
CVE-2025-0246 [MEDIUM] GHSA-xwpw-pxrm-39pm: When using an invalid protocol scheme, an attacker could spoof the address bar
When using an invalid protocol scheme, an attacker could spoof the address bar.
*Note: This issue only affected Android operating systems. Other operating systems are unaffected.*
*Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134.
OSV
CVE-2025-0246: When using an invalid protocol scheme, an attacker could spoof the address bar
osv·2025-01-07·CVSS 5.3
CVE-2025-0246 [MEDIUM] CVE-2025-0246: When using an invalid protocol scheme, an attacker could spoof the address bar
When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-01-07
Published