CVE-2025-1939
Published: 2025-03-04
Severity: low, 3.9 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability was fixed in Firefox 136.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| linux | linux_kernel | >= 6.13.0 < 6.18.3 | 6.18.3 |
| linux | linux_kernel | >= 6.5.0 < 6.6.120 | 6.6.120 |
| linux | linux_kernel | >= 6.7.0 < 6.12.64 | 6.12.64 |
| mozilla | firefox | < 136.0 | 136.0 |
| mozilla | firefox | — | — |
CVSS provenance
nvd: v3.1, 3.9 LOW, CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
osv: 5.5 MEDIUM
OSV
f2fs: ensure node page reads complete before f2fs_put_super() finishes
osv·2026-01-14·CVSS 5.5
CVE-2025-71107 f2fs: ensure node page reads complete before f2fs_put_super() finishes
In the Linux kernel, the following vulnerability has been resolved:
f2fs: ensure node page reads complete before f2fs_put_super() finishes
Xfstests generic/335, generic/336 sometimes crash with the following message:
```
F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1
------------[ cut here ]------------
kernel BUG at fs/f2fs/super.c:1939!
Oops: invalid opcode: 0000 [#1] SMP NOPTI
CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G W 6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:f2fs_put_super+0x3b3/0x3c0
Call Trace:
generic_shutdown_super+0x7e/0x190
kill_bloc
```
GHSA
GHSA-x9h6-qwxm-528g: Android apps can load web pages using the Custom Tabs feature
ghsa_unreviewed·2025-03-04
CVE-2025-1939 [LOW] CWE-359 GHSA-x9h6-qwxm-528g: Android apps can load web pages using the Custom Tabs feature
Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136.
OSV
CVE-2025-1939: Android apps can load web pages using the Custom Tabs feature
osv·2025-03-04·CVSS 3.9
CVE-2025-1939 [LOW] CVE-2025-1939: Android apps can load web pages using the Custom Tabs feature
Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136.
Red Hat
kernel: f2fs: ensure node page reads complete before f2fs_put_super() finishes
vendor_redhat·2026-01-14·CVSS 5.5
CVE-2025-71107 [MEDIUM] kernel: f2fs: ensure node page reads complete before f2fs_put_super() finishes
In the Linux kernel, the following vulnerability has been resolved:
f2fs: ensure node page reads complete before f2fs_put_super() finishes
Xfstests generic/335, generic/336 sometimes crash with the following message:
```
F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1
------------[ cut here ]------------
kernel BUG at fs/f2fs/super.c:1939!
Oops: invalid opcode: 0000 [#1] SMP NOPTI
CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G W 6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:f2fs_put_super+0x3b3/0x3c0
Call Trace:
generic_shutdown_super+0x7e/0x190
kill
```
Red Hat
firefox: Tapjacking in Android Custom Tabs using transition animations
vendor_redhat·2025-03-04·CVSS 3.9
CVE-2025-1939 [LOW] CWE-1021 firefox: Tapjacking in Android Custom Tabs using transition animations
Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136.
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could be used to trick a user into granting sensitive permissions by hiding what the user is actually clicking.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Adviso
Debian
CVE-2025-1939: firefox - Android apps can load web pages using the Custom Tabs feature. This feature supp...
vendor_debian·2025·CVSS 3.9
CVE-2025-1939 [LOW] CVE-2025-1939: firefox - Android apps can load web pages using the Custom Tabs feature. This feature supp...
Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2025-14: CVE-2025-1939
vendor_mozilla·CVSS 3.9
CVE-2025-1939 [LOW] Mozilla Foundation Security Advisory 2025-14: CVE-2025-1939
Mozilla Foundation Security Advisory 2025-14
CVE: CVE-2025-1939
Product: Firefox
Impact: high
Fixed in: Firefox 136
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-03-04