PT-2025-41908 · Mozilla+1 · Firefox+2
Published: 2025-10-14 · Updated: 2026-04-15
CVE-2025-11720
CVSS v2.0: 9.4 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 144
Firefox Focus versions prior to 144
Description
The user interface for the Android custom tab feature in Firefox and Firefox Focus displayed only the "site" loaded, and not the complete hostname. This allowed user-supplied content hosted on a subdomain to mislead users into believing it originated from a different subdomain of the same site.
Recommendations
Update Firefox to version 144 or later.
Update Firefox Focus to version 144 or later.
Fix
UI Misrepresentation of Critical Information
Affected Products
Alt Linux
Firefox
Firefox Focus