Vulnerability CVE-2025-1940: Information

Description

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.*. This vulnerability was fixed in Firefox 136.

Severity: HIGH (7.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
URL: https://nvd.nist.gov/vuln/detail/CVE-2025-1940
Published: March 4, 2025
Modified: April 13, 2026
Error type identifier: CWE-1021

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus136.0-alt1150.0.2-alt1ALT-PU-2025-4104-3376916Fixed
firefoxsisyphus_riscv64137.0.2-alt0.port149.0.2-alt0.portALT-PU-2025-5736-1-Fixed
firefoxsisyphus_loongarch64136.0.1-alt0.port149.0.2-alt0.portALT-PU-2025-4467-1-Fixed
firefoxp11136.0.2-alt1149.0-alt1ALT-PU-2025-4567-3378599Fixed
firefoxp10138.0.1-alt0.p10.1141.0.2-alt0.p10.1ALT-PU-2025-7697-3385484Fixed
firefoxc10f2141.0.3-alt0.c10f2.1141.0.3-alt0.c10f2.1ALT-PU-2025-11607-6394393Fixed
firefox-esrsisyphus140.2.0-alt2140.9.1-alt1ALT-PU-2025-11092-4393694Fixed
firefox-esrsisyphus_loongarch64140.9.1-alt0.port140.9.1-alt0.portALT-PU-2026-6293-1-Fixed
firefox-esrp11140.2.0-alt2140.9.1-alt1ALT-PU-2025-11100-5393714Fixed
firefox-esrp10140.4.0-alt0.p10.1140.9.1-alt0.p10.1ALT-PU-2025-14599-5396669Fixed
firefox-esrc10f2140.2.0-alt0.c10.1140.9.1-alt1ALT-PU-2025-11165-5393749Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1908488
  • Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2025-14/
  • Vendor Advisory
    1. cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excluding
      136.0
VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
Version: v26.2.2
Back to top