CVE-2025-8042
published 2025-08-19CVE-2025-8042: Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability was fixed in Firefox 141.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability was fixed in Firefox 141.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| mozilla | firefox | < 141.0 | 141.0 |
| mozilla | firefox | — | — |