Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-1941

Опубликовано: 04 мар. 2025
Источник: redhat
CVSS3: 5.4
EPSS Низкий

Описание

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136.

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could be bypassed (distinct from CVE-2025-0245).

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. This CVE is specific to Firefox Focus for Android. No Red Hat products are affected.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10firefoxFix deferred
Red Hat Enterprise Linux 10firefox-flatpak-containerFix deferred
Red Hat Enterprise Linux 6firefoxFix deferred
Red Hat Enterprise Linux 7firefoxFix deferred
Red Hat Enterprise Linux 8firefoxFix deferred
Red Hat Enterprise Linux 9firefoxFix deferred
Red Hat Enterprise Linux 9firefox-flatpak-containerFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-306
https://bugzilla.redhat.com/show_bug.cgi?id=2349785firefox: Lock screen setting bypass in Firefox Focus for Android

EPSS

Процентиль: 42%
0.00198
Низкий

5.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-1941

CVSS3: 9.1
ubuntu
5 месяцев назад

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136.

nvd логотип

CVE-2025-1941

CVSS3: 9.1
nvd
5 месяцев назад

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136.

debian логотип

CVE-2025-1941

CVSS3: 9.1
debian
5 месяцев назад

Under certain circumstances, a user opt-in setting that Focus should r ...

github логотип

GHSA-m793-xp46-r76w

CVSS3: 9.1
github
5 месяцев назад

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136.

fstec логотип

BDU:2025-02880

CVSS3: 9.1
fstec
5 месяцев назад

Уязвимость браузера Mozilla Firefox Focus, связанная с ошибками разграничения доступа, позволяющая нарушителю обойти существующие ограничения безопасности

EPSS

Процентиль: 42%
0.00198
Низкий

5.4 Medium

CVSS3