{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11718", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-10-13T19:50:18.353Z", "datePublished": "2025-10-14T12:27:37.866Z", "dateUpdated": "2026-04-13T14:31:20.787Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "144", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144."}]}], "title": "Address bar could be spoofed on Android using visibilitychange", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980808"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-81/"}], "credits": [{"lang": "en", "value": "Hafiizh & kang ali"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:31:20.787Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-451", "lang": "en", "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-10-15T13:20:18.439705Z", "id": "CVE-2025-11718", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-15T13:24:40.568Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-11718", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-15T13:20:18.439705Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-451", "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-15T13:20:21.053Z"}}], "cna": {"title": "Address bar could be spoofed on Android using visibilitychange", "credits": [{"lang": "en", "value": "Hafiizh & kang ali"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "144", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980808"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-81/"}], "descriptions": [{"lang": "en", "value": "When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144.", "supportingMedia": [{"type": "text/html", "value": "When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:31:20.787Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11718", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:31:20.787Z", "dateReserved": "2025-10-13T19:50:18.353Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-10-14T12:27:37.866Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC554AD6-8F3F-4C92-85EA-C204204E9E9D", "versionEndExcluding": "144.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144."}], "id": "CVE-2025-11718", "lastModified": "2026-04-13T15:16:41.083", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-10-14T13:15:38.150", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980808"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-451"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T17:45:55.908379+00:00", "value": {"mitigation_remediation": ["Upgrade Firefox to version 144 or later on all Android devices that use the browser.", "Enable automatic updates for Firefox and for Android to receive future security fixes promptly.", "Verify that the device\u2019s Android version is current, as newer OS releases incorporate additional security enhancements that complement the browser patch."], "summary": {"action": "Apply Patch", "impact": "User deception via spoofed address bar"}, "threat_synthesis": {"affected_systems": "This flaw affects the Mozilla Firefox browser on Android devices, specifically all releases prior to version 144. It also relies on the Android operating system\u2019s handling of the visibilitychange event, so any device running Android that has an unfixed version of Firefox is susceptible. The movement of the address bar during scrolling is the trigger that the malicious page exploits.", "description_and_impact": "When the address bar in Firefox on Android hides because the user scrolls, a malicious web page can trigger the visibilitychange event to detect the hide, and then create a fake address bar overlay that looks like the real one. The fake bar can display arbitrary domain names or URLs to mislead the user into thinking they are on a trusted site, enabling phishing or other social\u2011engineering attacks. No code is executed; the issue is a UI deception flaw that undermines user trust.", "risk_and_exploitability": "The CVSS score of 6.5 classifies the vulnerability as a moderate severity compromise of user interface integrity. The EPSS score of less than 1% indicates a very low likelihood of widespread exploitation at present, and the flaw is not currently catalogued in the CISA KEV list. An attacker needs only a malicious webpage loaded in the victim\u2019s Firefox browser on an Android device; no additional privileges or network access are required. Once the page gains visibilitychange access it can overlay the spoofed bar immediately, making the attack surface narrow but readily reproducible in a typical browsing session."}}}}, "created": "2025-10-20T15:49:34.331816+00:00", "updated": "2026-04-20T18:00:11.147124+00:00", "vendors": ["google", "google$PRODUCT$android", "mozilla", "mozilla$PRODUCT$firefox"]}