We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134.
Reserved 2025-01-06 | Published 2025-01-07 | Updated 2025-01-08 | Assigner mozillaAddress bar spoofing using an invalid protocol scheme on Firefox for Android
James Lee
bugzilla.mozilla.org/show_bug.cgi?id=1912709
www.mozilla.org/security/advisories/mfsa2025-01/
Support options