CVE-2025-3035Exposure of Private Personal Information to an Unauthorized Actor in Mozilla Firefox

CWE-359Exposure of Private Personal Information to an Unauthorized ActorCWE-20Improper Input Validation7 documents7 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 45.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedApr 1
Latest updateJun 18

Description

By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDmozilla/firefox< 137.0

🔴Vulnerability Details

3
OSV
CVE-2025-3035: By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat promp2025-04-01
CVEList
Tab title disclosure across pages when using AI chatbot2025-04-01
GHSA
GHSA-p549-c3cg-f4qm: By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat promp2025-04-01

📋Vendor Advisories

3
Red Hat
kernel: wifi: mt76: disable napi on driver removal2025-06-18
Debian
CVE-2025-3035: firefox - By first using the AI chatbot in one tab and later activating it in another tab,...2025
Mozilla
Mozilla Foundation Security Advisory 2025-20: CVE-2025-3035
CVE-2025-3035 — Mozilla Firefox vulnerability | cvebase