CVE-2025-8364

Опубликовано: 19 авг. 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. Note: This issue only affected Android operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 141.

Ссылки

https://bugzilla.mozilla.org/show_bug.cgi?id=1909609
Issue Tracking
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1969937
Issue Tracking
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2025-56/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*

Версия до 141.0 (исключая)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00031

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-451

Связанные уязвимости

CVE-2025-8364

CVSS3: 4.3

debian

8 дней назад

A crafted URL using a blob: URI could have hidden the true origin of t ...

GHSA-c4g9-q4rc-577f

CVSS3: 4.3

github

8 дней назад

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 141.

EPSS

Процентиль: 7%

0.00031

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-451