{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6428", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-06-20T14:51:33.064Z", "datePublished": "2025-06-24T12:28:02.201Z", "dateUpdated": "2026-04-13T14:31:03.707Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "140", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks.\n*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks.<br>*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140."}]}], "title": "Firefox for Android opened URLs specified in a link querystring parameter", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970151"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"}], "credits": [{"lang": "en", "value": "Raul Bucata"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:31:03.707Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-601", "lang": "en", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-06-25T14:20:42.338589Z", "id": "CVE-2025-6428", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T14:26:41.191Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-6428", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-25T14:20:42.338589Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T14:20:49.699Z"}}], "cna": {"title": "Firefox for Android opened URLs specified in a link querystring parameter", "credits": [{"lang": "en", "value": "Raul Bucata"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "140", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970151"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"}], "descriptions": [{"lang": "en", "value": "When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks.\n*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140.", "supportingMedia": [{"type": "text/html", "value": "When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks.<br>*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:31:03.707Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6428", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:31:03.707Z", "dateReserved": "2025-06-20T14:51:33.064Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-06-24T12:28:02.201Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "77D2BF2A-26A3-4664-93B5-B41BCF17AC9E", "versionEndExcluding": "140.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks.\n*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140."}, {"lang": "es", "value": "Al proporcionar una URL en un par\u00e1metro de cadena de consulta de enlace, Firefox para Android segu\u00eda esa URL en lugar de la correcta, lo que pod\u00eda provocar ataques de phishing. *Este error solo afecta a Firefox para Android. Las dem\u00e1s versiones de Firefox no se ven afectadas.* Esta vulnerabilidad afecta a Firefox anteriores a la versi\u00f3n 140."}], "id": "CVE-2025-6428", "lastModified": "2026-04-13T15:17:06.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-06-24T13:15:23.770", "references": [{"source": "security@mozilla.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970151"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "firefox: Firefox for Android opened URLs specified in a link querystring parameter", "id": "2374568", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374568"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "details": ["When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks.\n*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140."], "name": "CVE-2025-6428", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-24T12:28:02Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-6428\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6428\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1970151\nhttps://www.mozilla.org/security/advisories/mfsa2025-51/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-20T16:58:47.484538+00:00", "value": {"mitigation_remediation": ["Update Firefox to the latest version, which includes the fix released in version 140.", "If no upgrade is immediately available, disable automatic navigation from query parameters in the browser\u2019s advanced settings or use a content filtering extension that blocks suspicious redirects.", "Verify that all installed applications on the device enforce secure link handling and avoid installing untrusted add\u2011ons or applications that may inject or alter URLs."], "summary": {"action": "Patch", "impact": "Phishing due to unintended URL navigation"}, "threat_synthesis": {"affected_systems": "The vulnerability exists solely in Firefox for Android. No other Firefox releases are affected. The defect could affect any Android device running a version of Firefox older than the patched release, regardless of the underlying Android OS version.", "description_and_impact": "Firefox for Android mistakenly follows a URL supplied in a link\u2019s query\u2011string parameter instead of the intended hyperlink target. This defect enables an attacker to redirect users to malicious sites by embedding a crafted parameter in a legitimate page link, thereby facilitating phishing attacks. The weakness is specifically a type of malicious open\u2010redirect or link\u2010validation flaw as identified by CWE\u2011601.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a medium impact level, and the EPSS score of less than 1% suggests a very low likelihood of current exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers would likely need to control or influence the query\u2011string contents of a link that a user clicks within Firefox, which could occur through malicious HTML or web content. Given the low EPSS, the risk is modest but still noteworthy for users who visit untrusted sites."}}}}, "created": "2026-04-20T17:00:12.761086+00:00", "updated": "2026-04-20T17:00:12.761104+00:00", "vendors": []}