Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-0246

Опубликовано: 07 янв. 2025
Источник: redhat
CVSS3: 5.4

Описание

When using an invalid protocol scheme, an attacker could spoof the address bar. Note: This issue only affected Android operating systems. Other operating systems are unaffected. *Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134.

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory: When using an invalid protocol scheme, an attacker could spoof the address bar. Note: This issue is different than CVE-2025-0244.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. This issue only affects Android operating systems. Other operating systems are unaffected.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10firefoxNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 9firefoxNot affected
Red Hat Enterprise Linux 9firefox:flatpak/firefoxNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-451
https://bugzilla.redhat.com/show_bug.cgi?id=2336183firefox: Address bar spoofing using an invalid protocol scheme on Firefox for Android

5.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-0246

CVSS3: 6.5
ubuntu
10 месяцев назад

When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134.

nvd логотип

CVE-2025-0246

CVSS3: 6.5
nvd
10 месяцев назад

When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134.

debian логотип

CVE-2025-0246

CVSS3: 6.5
debian
10 месяцев назад

When using an invalid protocol scheme, an attacker could spoof the add ...

github логотип

GHSA-xwpw-pxrm-39pm

CVSS3: 6.5
github
10 месяцев назад

When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134.

fstec логотип

BDU:2025-02405

CVSS3: 6.5
fstec
10 месяцев назад

Уязвимость браузера Mozilla Firefox, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю подменить адресную строку

5.4 Medium

CVSS3