Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-1939

Опубликовано: 04 мар. 2025
Источник: redhat
CVSS3: 7.1

Описание

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136.

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could be used to trick a user into granting sensitive permissions by hiding what the user is actually clicking.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. This CVE is specific to Firefox for Android.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10firefoxFix deferred
Red Hat Enterprise Linux 10firefox-flatpak-containerFix deferred
Red Hat Enterprise Linux 6firefoxFix deferred
Red Hat Enterprise Linux 7firefoxFix deferred
Red Hat Enterprise Linux 8firefoxFix deferred
Red Hat Enterprise Linux 9firefoxFix deferred
Red Hat Enterprise Linux 9firefox-flatpak-containerFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-1021
https://bugzilla.redhat.com/show_bug.cgi?id=2349798firefox: Tapjacking in Android Custom Tabs using transition animations

7.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-1939

CVSS3: 3.9
ubuntu
10 месяцев назад

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136.

nvd логотип

CVE-2025-1939

CVSS3: 3.9
nvd
10 месяцев назад

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136.

debian логотип

CVE-2025-1939

CVSS3: 3.9
debian
10 месяцев назад

Android apps can load web pages using the Custom Tabs feature. This fe ...

github логотип

GHSA-x9h6-qwxm-528g

CVSS3: 3.9
github
10 месяцев назад

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136.

7.1 High

CVSS3