CVE-2025-6431
Last modified
CVE-2025-6431 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. EPSS estimates a 0.21% chance of exploitation in the next 30 days.
Description
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 140.0 |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1942716Permissions Required
- https://www.mozilla.org/security/advisories/mfsa2025-51/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2025-6431?
How severe is CVE-2025-6431?
How do I fix CVE-2025-6431?
Are you affected by CVE-2025-6431?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST