CVE-2025-1940
HIGHDescription
A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.*. This vulnerability was fixed in Firefox 136.
Is your site exposed to CVE-2025-1940?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| mozilla | firefox |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-1940? +
How severe is CVE-2025-1940? +
What products are affected by CVE-2025-1940? +
How do I check if I'm vulnerable to CVE-2025-1940? +
Related Vulnerabilities
The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted …
Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser …
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions …
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open …
A select option could partially obscure security prompts. This could be used by a malicious site to trick a user …
Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform …