CVE-2025-3859

Firefox Focus elide URL allows address bar spoofing

CVSS 4.3 MEDIUMEPSS 0.2%CWE-451

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 4.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

30 abr 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage. This vulnerability was fixed in Focus 138.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Produtos afetados

Mozilla · Focus

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://bugzilla.mozilla.org/show_bug.cgi?id=1951533 https://www.mozilla.org/security/advisories/mfsa2025-33/