{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8041", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-07-22T10:14:11.150Z", "datePublished": "2025-08-19T20:52:46.116Z", "dateUpdated": "2026-04-13T14:31:29.505Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "141", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141."}]}], "title": "Incorrect URL truncation in Firefox for Android", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1670725"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"}], "credits": [{"lang": "en", "value": "Chris Peterson and Kirtikumar Anandrao Ramchandani"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:31:29.505Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-451", "lang": "en", "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1670725", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-08-20T14:03:49.680449Z", "id": "CVE-2025-8041", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-20T15:18:10.040Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-8041", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-20T14:03:49.680449Z"}}}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1670725", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-451", "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-20T14:03:55.478Z"}}], "cna": {"title": "Incorrect URL truncation in Firefox for Android", "credits": [{"lang": "en", "value": "Chris Peterson and Kirtikumar Anandrao Ramchandani"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "141", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1670725"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"}], "descriptions": [{"lang": "en", "value": "In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141.", "supportingMedia": [{"type": "text/html", "value": "In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:31:29.505Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8041", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:31:29.505Z", "dateReserved": "2025-07-22T10:14:11.150Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-08-19T20:52:46.116Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "8684A46E-D70A-4830-8971-A6DCC360F422", "versionEndExcluding": "141.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141."}, {"lang": "es", "value": "En la barra de direcciones, Firefox para Android truncaba la visualizaci\u00f3n de las URL desde el final en lugar de priorizar el origen. Esta vulnerabilidad afecta a Firefox anterior a la versi\u00f3n 141."}], "id": "CVE-2025-8041", "lastModified": "2026-04-13T15:17:12.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-08-19T21:15:29.250", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1670725"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1670725"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-451"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T18:01:08.992241+00:00", "value": {"mitigation_remediation": ["Upgrade to Firefox\u202f141 or later to fix the truncation bug.", "Ensure that automatic patching is enabled so future releases are applied without delay.", "Until the update can be installed, encourage users to use a different browser or be cautious when copying URLs that contain sensitive information."], "summary": {"action": "Update Browser", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox for Android is affected. All installations prior to version\u202f141 are vulnerable, as the problem was resolved in that release. No other products or operating systems are impacted beyond the Android client.", "description_and_impact": "Firefox for Android incorrectly truncates URLs displayed in the address bar, showing the trailing portion rather than preserving the origin. This behavior can reveal the full URL, potentially exposing sensitive query parameters, subdomains, or internal hostnames to users. The issue is classified as Information Disclosure (CWE\u2011451).", "risk_and_exploitability": "The CVSS score of 5.3 marks the vulnerability as moderate. An EPSS score of less than 1\u202f% indicates that the likelihood of real\u2011world exploitation is low. The vulnerability is not listed in CISA\u2019s KEV catalog and no public exploits have been reported. Attackers would need to craft a malicious URL that is displayed in the address bar; the low EPSS suggests that exploitation would be uncommon. Nonetheless, applying the latest patch promptly reduces the potential for inadvertent disclosure."}}}}, "created": "2025-08-21T12:31:49.906590+00:00", "updated": "2026-04-20T18:15:13.610906+00:00", "vendors": ["google", "google$PRODUCT$android", "mozilla", "mozilla$PRODUCT$firefox"]}