CVE-2025-11717: Vulnerability in Mozilla Firefox
When switching between Android apps using the card carousel, Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability affects Firefox < 144.
AI Analysis
Technical Summary
CVE-2025-11717 is a critical information disclosure vulnerability affecting Mozilla Firefox on Android devices prior to version 144. The issue arises when users switch between Android apps using the card carousel (the app switcher). Previously, if the last active Firefox screen was password-related (e.g., password edit or entry screen), the card carousel would display that sensitive screen image, potentially exposing confidential password information visually. Starting with Firefox 144, this behavior changed to show a black screen instead, preventing sensitive data exposure. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and has a CVSS v3.1 base score of 9.1, reflecting its critical severity. The vector metrics indicate that the vulnerability can be exploited remotely without authentication or user interaction, and it impacts confidentiality and integrity severely, though it does not affect availability. No patches or exploits are currently publicly available, but the flaw represents a significant privacy risk, especially in environments where device screens may be observed or captured by malicious apps or attackers. The vulnerability highlights the importance of proper UI content obfuscation when apps transition to background states on mobile platforms.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the confidentiality of sensitive credentials and password management workflows conducted via Firefox on Android devices. Attackers capable of accessing the Android app switcher or capturing screenshots could potentially view sensitive password-related screens that should have been obscured, leading to credential theft or unauthorized access. This risk is heightened in sectors with strict data protection requirements such as finance, healthcare, and government institutions. The integrity of password data could also be compromised if attackers manipulate or intercept password entry processes. Although availability is not impacted, the breach of confidentiality could lead to broader security incidents, including account takeovers and data breaches. Organizations relying on Firefox for mobile access to internal or cloud services should consider this vulnerability a critical threat to their mobile security posture.
Mitigation Recommendations
The primary mitigation is to upgrade Mozilla Firefox on Android devices to version 144 or later, where the vulnerability is resolved by displaying a black screen in the app switcher instead of sensitive password UI content. Until the update is deployed, organizations should implement strict mobile device management (MDM) policies to restrict app switching or screen capture capabilities on devices handling sensitive information. Educate users to avoid multitasking with password screens visible and to lock devices promptly when not in use. Consider deploying additional endpoint security controls that monitor or block unauthorized screen capture or app overlay activities. For highly sensitive environments, evaluate alternative secure browsers or password management solutions that do not expose sensitive UI elements in background states. Regularly audit mobile device configurations and app versions to ensure compliance with security policies.
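As an added illustration, not Mozilla's code and not necessarily how Firefox 144 implements its fix, the Kotlin below shows the standard Android mechanism for keeping a sensitive screen out of the app-switcher card and out of screenshots: the FLAG_SECURE window flag. The activity, fragment and layout names are hypothetical.

```kotlin
import android.app.Activity
import android.os.Bundle
import android.view.WindowManager
import androidx.appcompat.app.AppCompatActivity
import androidx.fragment.app.Fragment

// Hypothetical activity that hosts a password edit screen.
class PasswordEditActivity : AppCompatActivity() {
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // FLAG_SECURE marks the window as holding sensitive content. The system
        // then blanks this window in the recents/app-switcher thumbnail and
        // refuses screenshots and screen recording of it.
        window.setFlags(
            WindowManager.LayoutParams.FLAG_SECURE,
            WindowManager.LayoutParams.FLAG_SECURE
        )
        setContentView(R.layout.activity_password_edit) // hypothetical layout
    }
}

// When password screens are fragments inside one shared activity, toggle the
// flag for the screen that is actually on display. Set it when the sensitive
// screen comes to the foreground and clear it only when a non-sensitive screen
// replaces it. Do not clear it in onPause(): onPause() also runs when the user
// opens the app switcher, so clearing there can race with the snapshot.
fun Activity.markWindowSensitive(sensitive: Boolean) {
    if (sensitive) {
        window.addFlags(WindowManager.LayoutParams.FLAG_SECURE)
    } else {
        window.clearFlags(WindowManager.LayoutParams.FLAG_SECURE)
    }
}

class PasswordEditFragment : Fragment() { // hypothetical sensitive screen
    override fun onResume() {
        super.onResume()
        requireActivity().markWindowSensitive(true)
    }
}

class BrowserTabFragment : Fragment() { // hypothetical non-sensitive screen
    override fun onResume() {
        super.onResume()
        requireActivity().markWindowSensitive(false)
    }
}
```

A quick manual check on a test device: open the sensitive screen, press the recents button, and confirm the card shows a blank image rather than the form contents.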
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: mozilla
- Date Reserved: 2025-10-13T19:50:16.067Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68ee47d0509368ccaa6fc99b
Added to database: 10/14/2025, 12:53:36 PM
Last enriched: 10/31/2025, 4:59:57 AM
Last updated: 12/2/2025, 4:12:00 PM