CVE-2025-8041 โ€” User Interface (UI) Misrepresentation of Critical Information in Mozilla Firefox

CWE-451 โ€” User Interface (UI) Misrepresentation of Critical Information6 documents6 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 89.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedAug 19

Description

In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

โ–ถNVDmozilla/firefox< 141.0

๐Ÿ”ดVulnerability Details

2
CVEList
Incorrect URL truncation in Firefox for Androidโ†—2025-08-19
โ–ถ
GHSA
GHSA-3rc5-4jr8-p23m: In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the originโ†—2025-08-19
โ–ถ

๐Ÿ“‹Vendor Advisories

2
Debian
CVE-2025-8041: firefox - In the address bar, Firefox for Android truncated the display of URLs from the e...โ†—2025
โ–ถ
Mozilla
Mozilla Foundation Security Advisory 2025-56: CVE-2025-8041โ†—
โ–ถ

๐Ÿ’ฌCommunity

1
Bugzilla
[Android] URL Bar Spoof (long blob: urls can truncate real domain, bypass fix for CVE-2025-8041)โ†—2025-06-02
โ–ถ
CVE-2025-8041 โ€” Mozilla Firefox vulnerability | cvebase