CVE-2025-23109

CWE-3466 documents6 sources
Severity
6.5MEDIUM
EPSS
0.9%
top 24.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla Firefox FOR IOSMozilla Firefox
Timeline
PublishedJan 11
Latest updateJan 13

Description

Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox for iOS < 134.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDmozilla/firefox< 134.0
CVEListV5mozilla/firefox_for_iosunspecified134

🔴Vulnerability Details

3
OSV
CVE-2025-23109: Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox fo2025-01-13
GHSA
GHSA-6xcc-hv2v-v4r3: Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox fo2025-01-11
CVEList
CVE-2025-23109: Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox fo2025-01-11

📋Vendor Advisories

2
Debian
CVE-2025-23109: firefox - Long hostnames in URLs could be leveraged to obscure the actual host of the webs...2025
Mozilla
Mozilla Foundation Security Advisory 2025-06: CVE-2025-23109
CVE-2025-23109 (MEDIUM CVSS 6.5) | Long hostnames in URLs could be lev | cvebase.io