PT-2025-9660 · Mozilla+11 · Firefox+11

Hafiizh

·

Published

2025-03-04

·

Updated

2025-07-22

·

CVE-2025-1935

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 136 Firefox ESR versions prior to 128.8
Description A web page could trick a user into setting that site as the default handler for a custom URL protocol.
Recommendations For Firefox versions prior to 136, update to version 136 or later. For Firefox ESR versions prior to 128.8, update to version 128.8 or later.

Fix

UI Misrepresentation of Critical Information

XSS

Weakness Enumeration

CWE-451CWE-79

Related Identifiers

ALSA-2025:2359
ALSA-2025:2452
ALT-PU-2025-3905
ALT-PU-2025-4001
ALT-PU-2025-4567
ALT-PU-2025-5829
ALT-PU-2025-7695
ALT-PU-2025-7697
BDU:2025-02602
CESA-2025_2452
CVE-2025-1935
DLA-4078-1
DLA-4081-1
DSA-5874-1
DSA-5876-1
INFSA-2025_2359
INFSA-2025_2452
MGASA-2025-0092
MGASA-2025-0093
OESA-2025-1265
OESA-2025-1266
OESA-2025-1267
OESA-2025-1268
OESA-2025-1835
OPENSUSE-SU-2025:14852-1
OPENSUSE-SU-2025:14853-1
OPENSUSE-SU-2025:14861-1
OPENSUSE-SU-2025:14958-1
OPENSUSE-SU-2025_0788-1
OPENSUSE-SU-2025_0849-1
RHSA-2025:2359
RHSA-2025:2452
RHSA-2025:2479
RHSA-2025:2480
RHSA-2025:2481
RHSA-2025:2484
RHSA-2025:2485
RHSA-2025:2486
RHSA-2025:2699
RHSA-2025:2708
RHSA-2025_2359
RHSA-2025_2452
SUSE-SU-2025:0783-1
SUSE-SU-2025:0788-1
SUSE-SU-2025:0849-1
SUSE-SU-2025_0783-1
USN-7334-1
USN-7663-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Firefox
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu