Primary

Context

Mozilla Firefox Tapjacking Vulnerability in Android Custom Tabs

Vulnerability

Patched

A tapjacking vulnerability has been identified in Mozilla Firefox for Android, prior to version 136. This issue arises within the Custom Tabs feature, which allows Android apps to load web pages. The vulnerability exploits the transition animation of Custom Tabs, potentially misleading users into granting sensitive permissions by obscuring what they were actually interacting with.

Impact

Exploitation of this vulnerability could lead to unauthorized permission grants, allowing apps to access sensitive user data or features.

Remediation

Users can update to Firefox version 136 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

1.3

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

1.3

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mozilla Firefox Tapjacking Vulnerability in Android Custom Tabs

Vulnerability

Impact

Remediation

Affected Products

Mozilla Firefox

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating