CVE-2025-10535: Vulnerability in Mozilla Firefox
Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability was fixed in Firefox 143.
AI Analysis
Technical Summary
This vulnerability (CVE-2025-10535) affects the Privacy component in Firefox for Android, allowing information disclosure and bypassing mitigation controls. It was reported by Rebeca Tudor and is classified under CWE-200 (Exposure of Sensitive Information). The CVSS 3.1 base score is 7.5 (high), indicating network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality impact, high integrity impact, and no availability impact. Mozilla fixed this issue in Firefox 143 as part of a broader security update addressing multiple vulnerabilities.
Potential Impact
The vulnerability allows an attacker to bypass privacy mitigations and disclose information within Firefox for Android. This could compromise user privacy by exposing sensitive data. The CVSS score of 7.5 reflects a high impact on integrity and a significant security concern. However, there are no known exploits in the wild at this time.
Mitigation Recommendations
Mozilla has released an official fix for this vulnerability in Firefox version 143. Users and administrators should update Firefox for Android to version 143 or later to remediate this issue. No additional mitigation steps are required beyond applying the official update.
Technical Details
- Data Version: 5.1
- Assigner Short Name: mozilla
- Date Reserved: 2025-09-16T06:48:48.904Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68c958bfff7c553b3ddd1ef7
Added to database: 9/16/2025, 12:31:59 PM
Last enriched: 4/14/2026, 11:34:20 AM
Last updated: 5/10/2026, 12:30:04 AM