PT-2025-26725 · Mozilla+2 · Firefox For Android+2

·

CVE-2025-6428

·

Published

2025-06-24

·

Updated

2025-11-19

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Firefox for Android versions prior to 140
Description: The issue allows an attacker to potentially lead to phishing attacks by following a provided URL in a link querystring parameter instead of the correct URL. This affects Firefox for Android, with other versions of Firefox being unaffected.
Recommendations: For Firefox for Android versions prior to 140, update to version 140 or later to resolve the issue. As a temporary workaround, consider avoiding the use of link querystring parameters until the update is applied.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

ALT-PU-2025-11100
ALT-PU-2025-11497
ALT-PU-2025-14599
ALT-PU-2025-8725
BDU:2025-07651
CVE-2025-6428
OPENSUSE-SU-2025:15325-1
OPENSUSE-SU-2025:15371-1
SUSE-SU-2025:02339-1
SUSE-SU-2025:02529-1
SUSE-SU-2025_02339-1
SUSE-SU-2025_02529-1

Affected Products

Alt Linux
Firefox For Android
Suse