CVE-2025-3859

CWE-601 — Open Redirect CWE-4515 documents5 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 63.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Focus Mozilla Firefox Focus

Timeline

PublishedApr 30

Description

Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability affects Focus < 138.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5mozilla/focusunspecified — 138

▶NVDmozilla/firefox_focus< 138.0

🔴Vulnerability Details

CVEList

CVE-2025-3859: Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick us↗2025-04-30

▶

GHSA

GHSA-4jh7-c2vv-7qf2: Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick us↗2025-04-30

▶

📋Vendor Advisories

Mozilla

Mozilla Foundation Security Advisory 2025-33: CVE-2025-3859↗

▶