Mozilla Firefox and Firefox Focus Spoofing Vulnerability in Android Custom Tabs

Vulnerability

A spoofing vulnerability has been identified in the Firefox and Firefox Focus browsers for Android, specifically within the custom tab feature. The issue arises because the UI only displays the 'site' that is loaded, rather than the full hostname. This limitation could be exploited by user-supplied content hosted on a subdomain, potentially misleading users into believing it was content from a different subdomain of the same site. The vulnerability affects Firefox versions prior to 144.
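The ambiguity described above can be checked from the defender's side. The following is an added example, not code from Mozilla or from this advisory: it assumes 'site' means the registrable domain (eTLD+1), uses a small constructed public-suffix set and constructed example hostnames, and the function names `siteOf` and `ambiguousLabels` are hypothetical. It lists which hostnames would collapse to the same label in a UI that shows only the site.

```javascript
// Constructed, minimal public-suffix set for illustration only; a real check
// must use the full Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk", "github.io"]);

// Return the "site" (registrable domain, eTLD+1) of a hostname, or null when
// the hostname is itself a public suffix or its suffix is not in the set.
function siteOf(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  // i = 0 tests the longest candidate suffix first.
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null;
}

// Group URLs by the label a site-only UI would show and return every label
// that stands for more than one distinct hostname.
function ambiguousLabels(urls) {
  const byLabel = new Map();
  for (const u of urls) {
    const host = new URL(u).hostname;
    const label = siteOf(host) ?? host; // fall back to the full hostname
    if (!byLabel.has(label)) byLabel.set(label, new Set());
    byLabel.get(label).add(host);
  }
  const result = {};
  for (const [label, hosts] of byLabel) {
    if (hosts.size > 1) result[label] = [...hosts].sort();
  }
  return result;
}

// Constructed sample: two subdomains of one site, and two hosts under a
// public suffix (which are separate sites and keep separate labels).
const SAMPLE_URLS = [
  "https://accounts.example.com/login",
  "https://usercontent.example.com/page",
  "https://alice.github.io/",
  "https://bob.github.io/",
];

console.log(ambiguousLabels(SAMPLE_URLS));
```

Hostnames that serve user-supplied content and share a label with a trusted hostname are the ones a site-only display cannot tell apart.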

Impact

Exploitation of this vulnerability could lead to user deception regarding the origin of content displayed in custom tabs, creating a risk of phishing or similar attacks.

Remediation

Users can upgrade to Firefox 144 or later to address this vulnerability.

Added: Oct 14, 2025, 1:24 PM
Updated: Oct 14, 2025, 11:37 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.6
exploitability: 4.4
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.