CVE-2025-8364

Published: Aug 19, 2025Modified: Jun 17, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 141.

Affected (1)

Products: Mozilla: Firefox

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 141.0

Running on/with	Platform Versions
Google Android	All versions

Related CWEs

User Interface (UI) Misrepresentation of Critical Information

The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

References (3)

https://bugzilla.mozilla.org/show_bug.cgi?id=1909609

Source: security@mozilla.org

Issue TrackingPermissions Required

https://bugzilla.mozilla.org/show_bug.cgi?id=1969937

Source: security@mozilla.org

Issue TrackingPermissions Required

https://www.mozilla.org/security/advisories/mfsa2025-56/

Source: security@mozilla.org

Vendor Advisory

Timeline

No history available yet.