CVE-2025-11716: Vulnerability in Mozilla Firefox
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144.
AI Analysis
Technical Summary
This vulnerability (CVE-2025-11716) in Mozilla Firefox on Android allows links within sandboxed iframes to open external applications without the necessary "allow-" permission. This behavior violates sandboxing restrictions intended to limit iframe capabilities. The flaw was reported by Axel Chong and fixed in Firefox 144 and Thunderbird 144. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality impact, high integrity impact, and no availability impact. The vendor advisory confirms the fix was released in Firefox 144.
Potential Impact
The vulnerability could allow a malicious webpage embedding a sandboxed iframe to open external applications on an Android device without the explicit permission normally required. This could lead to unauthorized app launches potentially impacting user control and integrity of the device environment. There is no confidentiality or availability impact reported. The issue is limited to Firefox on Android and does not affect other platforms.
Mitigation Recommendations
Mozilla has fixed this vulnerability in Firefox 144 and Thunderbird 144. Users and administrators should update affected Firefox installations on Android to version 144 or later to remediate this issue. Since the fix is officially released, no additional mitigation steps are required beyond applying the update.
CVE-2025-11716: Vulnerability in Mozilla Firefox
Description
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2025-11716) in Mozilla Firefox on Android allows links within sandboxed iframes to open external applications without the necessary "allow-" permission. This behavior violates sandboxing restrictions intended to limit iframe capabilities. The flaw was reported by Axel Chong and fixed in Firefox 144 and Thunderbird 144. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality impact, high integrity impact, and no availability impact. The vendor advisory confirms the fix was released in Firefox 144.
Potential Impact
The vulnerability could allow a malicious webpage embedding a sandboxed iframe to open external applications on an Android device without the explicit permission normally required. This could lead to unauthorized app launches potentially impacting user control and integrity of the device environment. There is no confidentiality or availability impact reported. The issue is limited to Firefox on Android and does not affect other platforms.
Mitigation Recommendations
Mozilla has fixed this vulnerability in Firefox 144 and Thunderbird 144. Users and administrators should update affected Firefox installations on Android to version 144 or later to remediate this issue. Since the fix is officially released, no additional mitigation steps are required beyond applying the update.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-10-13T19:50:13.788Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 68ee47cf509368ccaa6fc8d0
Added to database: 10/14/2025, 12:53:35 PM
Last enriched: 4/14/2026, 11:36:11 AM
Last updated: 5/10/2026, 2:43:03 PM
Views: 214
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.