{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1940", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-03-04T12:29:45.975Z", "datePublished": "2025-03-04T13:31:24.265Z", "dateUpdated": "2026-04-13T14:30:23.514Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "136", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. \n*This issue only affects Android versions of Firefox.*. This vulnerability was fixed in Firefox 136.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. <br>*This issue only affects Android versions of Firefox.*. This vulnerability was fixed in Firefox 136."}]}], "title": "Android Intent confirmation prompt tapjacking using Select options", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1908488"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/"}], "credits": [{"lang": "en", "value": "Shaheen Fazim"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:23.514Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1021", "lang": "en", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-04T15:55:08.191960Z", "id": "CVE-2025-1940", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T15:57:34.877Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-1940", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-04T15:55:08.191960Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T15:57:29.783Z"}}], "cna": {"title": "Android Intent confirmation prompt tapjacking using Select options", "credits": [{"lang": "en", "value": "Shaheen Fazim"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "136", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1908488"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/"}], "descriptions": [{"lang": "en", "value": "A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. \n*This issue only affects Android versions of Firefox.*. This vulnerability was fixed in Firefox 136.", "supportingMedia": [{"type": "text/html", "value": "A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. <br>*This issue only affects Android versions of Firefox.*. This vulnerability was fixed in Firefox 136.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:23.514Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1940", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:30:23.514Z", "dateReserved": "2025-03-04T12:29:45.975Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-03-04T13:31:24.265Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DB4CDD0-EC54-43D0-ACB2-F159ABA53D2C", "versionEndExcluding": "136.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. \n*This issue only affects Android versions of Firefox.*. This vulnerability was fixed in Firefox 136."}, {"lang": "es", "value": "Una opci\u00f3n de selecci\u00f3n podr\u00eda ocultar parcialmente el mensaje de confirmaci\u00f3n que se muestra antes de iniciar aplicaciones externas. Esto podr\u00eda usarse para enga\u00f1ar a un usuario para que inicie una aplicaci\u00f3n externa inesperadamente. *Este problema solo afecta a las versiones de Firefox para Android.* Esta vulnerabilidad afecta a Firefox anterior a la versi\u00f3n 136."}], "id": "CVE-2025-1940", "lastModified": "2026-04-13T15:16:53.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-03-04T14:15:38.950", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1908488"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-14/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1021"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "firefox: Android Intent confirmation prompt tapjacking using Select options", "id": "2349788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349788"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-451", "details": ["A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. \n*This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 136.", "A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly."], "name": "CVE-2025-1940", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-04T13:31:24Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-1940\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-1940\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1908488\nhttps://www.mozilla.org/security/advisories/mfsa2025-14/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.\nThis issue only affects Android versions of Firefox.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-20T18:23:47.805740+00:00", "value": {"mitigation_remediation": ["Upgrade to Firefox Android version 136 or later, which removes the UI deception issue.", "Apply any available Android OS security updates that may patch related intent handling vulnerabilities.", "Disable any third\u2011party applications or overlays that alter the Android UI, as these can amplify the impact of UI\u2011based attacks."], "summary": {"action": "Patch", "impact": "Unintended launch of external applications via visual deception"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox on Android platforms, before version 136. Users running older Android versions of Firefox are vulnerable.", "description_and_impact": "A select element can partially hide the confirmation dialog that appears before an Android app launches an external intent, misleading users into believing they are consenting. The result is an unexpected launch of a potentially malicious or unwanted external application. This is a usability\u2011based exploitation, mapped to the UI deception weakness.", "risk_and_exploitability": "The CVSS score of 7.1 indicates moderate impact with possible business damage and privacy concerns. EPSS is below 1\u202f%, suggesting exploitation is rare at the moment. The vulnerability is not listed in CISA KEV and therefore is not known to be actively exploited. The attack vector is inferred to rely on user interaction; an attacker would need to trick a user into selecting an option that overlays the confirmation prompt, which requires social engineering."}}}}, "created": "2026-04-20T18:30:13.980000+00:00", "updated": "2026-04-20T18:30:13.980016+00:00", "vendors": []}