Mozilla Firefox for Android Sandbox Bypass Vulnerability Allowing Unauthorized Downloads

Vulnerability

A vulnerability in Firefox for Android versions prior to 141 allowed a sandboxed iframe whose sandbox attribute did not include 'allow-downloads' to initiate downloads. This breaks the iframe's sandbox restrictions and could lead to unauthorized file downloads.

Impact

This vulnerability could be exploited to bypass iframe sandboxing, allowing for unauthorized downloads to be initiated on the user's device.

Remediation

Users can update to Firefox for Android version 141 or later to address this vulnerability.
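
For sites that rely on the sandbox attribute to keep embedded content from starting downloads, the sketch below inventories which iframes depend on that restriction and flags clients reporting Firefox for Android below 141. It is an added example, not code from Mozilla or from this advisory; the helper names, sample markup and user-agent string are constructed for illustration.

```javascript
// Added example: helper names and sample data are constructed, not from the advisory.
const FIXED_MAJOR = 141; // first fixed Firefox for Android version, per the advisory

// Parse the attribute part of a start tag into a Map (first occurrence wins, as in HTML).
function parseAttrs(s) {
  const attrs = new Map();
  const re = /([^\s=\/>"']+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const [, name, dq, sq, bare] of s.matchAll(re)) {
    const key = name.toLowerCase();
    if (!attrs.has(key)) attrs.set(key, dq ?? sq ?? bare ?? "");
  }
  return attrs;
}

// Classify every <iframe> by what its sandbox attribute says about downloads.
// "downloads-blocked" is the intent the markup expresses; it is the case this bug bypassed.
// Simplified scanner: assumes no '>' inside attribute values.
function auditIframes(html) {
  const out = [];
  for (const [, raw] of html.matchAll(/<iframe\b([^>]*)>/gi)) {
    const attrs = parseAttrs(raw);
    let policy = "unsandboxed";
    if (attrs.has("sandbox")) {
      // Sandbox tokens are whitespace-separated and ASCII case-insensitive.
      const tokens = attrs.get("sandbox").toLowerCase().split(/\s+/).filter(Boolean);
      policy = tokens.includes("allow-downloads") ? "downloads-allowed" : "downloads-blocked";
    }
    out.push({ src: attrs.get("src") ?? "", policy });
  }
  return out;
}

// Major version if the user agent is Firefox for Android, otherwise null.
function firefoxAndroidMajor(ua) {
  const m = /\(Android\b[^)]*\).*\bFirefox\/(\d+)/.exec(ua);
  return m ? Number(m[1]) : null;
}

// True when the client reports a Firefox for Android version prior to the fix.
function isAffectedClient(ua) {
  const major = firefoxAndroidMajor(ua);
  return major !== null && major < FIXED_MAJOR;
}

// Constructed sample markup and user agent.
const SAMPLE_HTML = `<iframe src="https://widgets.example/a" sandbox="allow-scripts"></iframe>
<iframe src="https://widgets.example/b" sandbox="allow-scripts ALLOW-DOWNLOADS"></iframe>
<iframe src="https://widgets.example/c"></iframe><iframe src="https://widgets.example/d" sandbox></iframe>`;
console.log(auditIframes(SAMPLE_HTML));
console.log(isAffectedClient("Mozilla/5.0 (Android 14; Mobile; rv:140.0) Gecko/140.0 Firefox/140.0"));
```

Frames reported as downloads-blocked are the ones whose protection depended on the browser enforcing the sandbox, so they are the ones to review for users still on an affected version.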

Added: Aug 19, 2025, 9:29 PM
Updated: Aug 19, 2025, 9:29 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.6
exploitability: 4.4
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.