CVE-2025-6431

Published Jun 24, 2025

Last updated 15 days ago

CVSS medium 6.5

Overview

Description: When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.
Source: security@mozilla.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-285

Hype score: Not currently trending

CVE-2025-6431 When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt… https://t.co/D96ZNj6SEX
@CVEnew
24 Jun 2025
335 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77D2BF2A-26A3-4664-93B5-B41BCF17AC9E",
            "versionEndExcluding": "140.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References