Mozilla Firefox and Thunderbird Sandboxed Iframe Permission Vulnerability on Android

Vulnerability

A vulnerability exists in Mozilla Firefox versions prior to 144 and Thunderbird versions prior to 144, in which links in sandboxed iframes could open external applications on Android without the necessary 'allow-' permission. The issue could be exploited to bypass intended restrictions and launch apps, possibly leading to unauthorized actions or data access.

Impact

Exploitation of this vulnerability could allow links in sandboxed iframes to open external applications on Android, bypassing permission requirements and potentially leading to unauthorized actions or data access.

Remediation

Users can update to Firefox 144 or Thunderbird 144 to address this vulnerability.

Added: Oct 14, 2025, 1:26 PM
Updated: Oct 14, 2025, 11:40 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 0.6
exploitability: 4.4
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.