CVE-2025-8364

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack.
*Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 141.
UI
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
mozillaCNA
---
---
CISA-ADPADP
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
mozillafirefox
𝑥
< 141.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
firefox
sid
142.0-1
fixed
Common Weakness Enumeration
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1909609
https://bugzilla.mozilla.org/show_bug.cgi?id=1969937
https://www.mozilla.org/security/advisories/mfsa2025-56/