CVE-2025-8364User Interface (UI) Misrepresentation of Critical Information in Mozilla Firefox

CWE-451User Interface (UI) Misrepresentation of Critical Information5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 90.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedAug 19

Description

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 141.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

NVDmozilla/firefox< 141.0

🔴Vulnerability Details

2
GHSA
GHSA-c4g9-q4rc-577f: A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack2025-08-19
CVEList
Address bar spoofing using an blob URI on Firefox for Android2025-08-19

📋Vendor Advisories

2
Debian
CVE-2025-8364: firefox - A crafted URL using a blob: URI could have hidden the true origin of the page, r...2025
Mozilla
Mozilla Foundation Security Advisory 2025-56: CVE-2025-8364
CVE-2025-8364 — Mozilla Firefox vulnerability | cvebase