UBUNTU-CVE-2025-11718

When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144...

UBUNTU-CVE-2025-11716

Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144...

UBUNTU-CVE-2025-11717

When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability was fixed in Firefox 144...

CVE-2025-11720

Summary of CVE-2025-11720 : The issue affects Mozilla Firefox (including Firefox for Android) where the Custom Tabs UI only shows the base site hostname, not the full hostname. This can enable user deception when content from a subdomain is hosted to resemble content from another subdomain of the...

CVE-2025-11720

The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This...

CVE-2025-11720 Spoofing risk in Android custom tabs

The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This...

CVE-2025-11720 Spoofing risk in Android custom tabs

The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This...

CVE-2025-11720

The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This...

CVE-2025-11718

CVE-2025-11718 affects Mozilla Firefox versions earlier than 144. The issue allows a malicious page to spoof the address bar by creating a fake bar in response to a visibilitychange event when the Android address bar is hidden after scrolling. Impact is spoofing UI and potential user deception; n...

CVE-2025-11717

CVE-2025-11717 affects Mozilla Firefox versions earlier than 144. The issue occurs when switching between Android apps via the card carousel, causing a black screen for the card image if a password-related screen was the last used; before 144, the password edit screen was visible. Practical impac...

CVE-2025-11717 The password edit screen was not hidden in Android card view

When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability was fixed in Firefox 144...

CVE-2025-11717 The password edit screen was not hidden in Android card view

When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability was fixed in Firefox 144...

CVE-2025-11718

When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144...

CVE-2025-11718 Address bar could be spoofed on Android using visibilitychange

When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144...

CVE-2025-11717

When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability was fixed in Firefox 144...

CVE-2025-11718 Address bar could be spoofed on Android using visibilitychange

When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144...

EUVD-2025-34195

When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event This vulnerability affects Firefox 144...

CVE-2025-11718

When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144...

CVE-2025-11717

When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability was fixed in Firefox 144...

CVE-2025-11716

CVE-2025-11716 affects Firefox and Thunderbird prior to version 144. The issue arises when links in a sandboxed iframe can trigger an external Android app without the required allow- permission, enabling potential unintended app launches. Reported as part of a broader Mozilla 2025- era set of fix...