Primary

Context

Mozilla Firefox Intent Confirmation Prompt Tapjacking Vulnerability on Android

Vulnerability

Patched

A tapjacking vulnerability has been identified in the Android version of Mozilla Firefox, prior to version 136. This issue involves a select option that can partially obscure the confirmation prompt displayed before launching external applications. As a result, a user could be misled into unintentionally opening an external app.

Impact

Exploitation of this vulnerability could lead to unintended interactions with external applications, potentially allowing for the misuse of app permissions or functionalities.

Remediation

Users can update to Firefox version 136 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mozilla Firefox Intent Confirmation Prompt Tapjacking Vulnerability on Android

Vulnerability

Impact

Remediation

Affected Products

Mozilla Firefox

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating