CVE-2025-1939

Published: Mar 4, 2025Modified: Jun 17, 2026

3.9

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Exploitability: 1.3 / Impact: 2.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability was fixed in Firefox 136.

Affected (1)

Products: Mozilla: Firefox

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 136.0

Related CWEs

Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

References (3)

https://bugzilla.mozilla.org/show_bug.cgi?id=1928334

Source: security@mozilla.org

Issue Tracking

https://www.mozilla.org/security/advisories/mfsa2025-14/

Source: security@mozilla.org

Vendor Advisory

https://taptrap.click

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.