CVE-2025-27424
Published 2025-03-04
medium · 4.3 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability was fixed in Firefox for iOS 136.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| mozilla | firefox | < 136.0 | 136.0 |
| mozilla | firefox | — | — |
CVSS provenance
nvd · v3.1 · 4.3 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
osv · 4.3 · MEDIUM
Red Hat
diffusers: Hugging Face Diffusers: Remote Code Execution via Deserialization of Untrusted Data
vendor_redhat·2025-12-23·CVSS 7.8
CVE-2025-14922 [HIGH] CWE-502 diffusers: Hugging Face Diffusers: Remote Code Execution via Deserialization of Untrusted Data
Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Diffusers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of checkpoints. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27424.
A flaw was found in Hugging Face Diff
Debian
CVE-2025-27424: firefox - Websites redirecting to a non-HTTP scheme URL could allow a website address to b...
vendor_debian·2025·CVSS 4.3
CVE-2025-27424 [MEDIUM] CVE-2025-27424: firefox - Websites redirecting to a non-HTTP scheme URL could allow a website address to b...
Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability affects Firefox for iOS < 136.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2025-13: CVE-2025-27424
vendor_mozilla·CVSS 4.3
CVE-2025-27424 [MEDIUM] Mozilla Foundation Security Advisory 2025-13: CVE-2025-27424
Mozilla Foundation Security Advisory 2025-13
CVE: CVE-2025-27424
Product: Firefox for iOS
Impact: low
Fixed in: Firefox for iOS 136
OSV
CVE-2025-27424: Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability affects Firefox for
osv·2025-03-04·CVSS 4.3
CVE-2025-27424 [MEDIUM] CVE-2025-27424: Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability affects Firefox for
Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability affects Firefox for iOS < 136.
GHSA
GHSA-m2rp-964h-h237: Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability affects Firefox for
ghsa_unreviewed·2025-03-04
CVE-2025-27424 [MEDIUM] CWE-601 GHSA-m2rp-964h-h237: Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability affects Firefox for
Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability affects Firefox for iOS < 136.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.