CVE-2025-11720

EPSS 0.05%
Veröffentlicht 14.10.2025 12:27:38
Zuletzt bearbeitet 15.10.2025 18:10:00
Quelle security@mozilla.org
CVE-Watchlists
Login
Unerledigt
Login

The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability affects Firefox < 144.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 144.0

Google ≫ Android Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.143

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-451 User Interface (UI) Misrepresentation of Critical Information

The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

https://www.mozilla.org/security/advisories/mfsa2025-81/

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1979534

Issue Tracking

Permissions Required

https://bugzilla.mozilla.org/show_bug.cgi?id=1984370

Issue Tracking

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2025-11720

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-11720

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-11720

EUVD