CVE-2025-11716

Опубликовано: 14 окт. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144.

Ссылки

https://bugzilla.mozilla.org/show_bug.cgi?id=1818679
Issue Tracking
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2025-81/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-84/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Версия до 144.0 (исключая)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Версия до 144.0 (исключая)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00028

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-284

Связанные уязвимости

CVE-2025-11716

CVSS3: 6.5

ubuntu

20 дней назад

Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144.

CVE-2025-11716

CVSS3: 6.5

debian

20 дней назад

Links in a sandboxed iframe could open an external app on Android with ...

GHSA-p8g8-q63w-8jgm

CVSS3: 6.5

github

20 дней назад

Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144.

EPSS

Процентиль: 7%

0.00028

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-284