
CVE-2025-11717: The password edit screen was not hidden in Android card view in Mozilla Firefox

Published: Tue Oct 14 2025 (10/14/2025, 12:27:37 UTC)
Source: CVE Database V5
Vendor/Project: Mozilla
Product: Firefox

Description

When switching between Android apps using the card carousel, Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144, the password edit screen was visible. This vulnerability affects Firefox < 144.

AI-Powered Analysis

Last updated: 10/14/2025, 13:07:20 UTC

Technical Analysis

CVE-2025-11717 is a local information disclosure (privacy) issue in Firefox for Android before version 144. Android's Recents screen (the card carousel used to switch apps) represents each task with a thumbnail taken from the app's last rendered frame. Apps are expected to suppress that thumbnail for screens that display secrets; the usual Android mechanism is to mark the window with WindowManager.LayoutParams.FLAG_SECURE, which makes the system substitute a blank (black) image and also blocks screenshots and screen recordings of that window. The advisory does not say which mechanism Firefox uses, only that its password-related screens already appeared as a black card while the password edit screen did not.

The consequence is that if the password edit screen was in the foreground when the user switched away, the Recents card showed it exactly as rendered: the saved login's site and username, and the password field in whatever state it was in (masked, or in clear text if it had been revealed). Anyone who can see the unlocked device's Recents view, whether by shoulder surfing or by picking up a shared or unattended handset, can read the card without opening Firefox or unlocking anything further. No remote component, no exploit code and no user interaction beyond normal app switching are involved; the attacker needs local, post-unlock access to the device.

Mozilla fixed this in Firefox 144, which now shows a black card for the password edit screen as well. No exploitation in the wild has been reported. The issue is specific to Firefox for Android on all device models: desktop Firefox has no equivalent task snapshot, and Firefox for iOS is a separate code base not covered by this advisory. The CVE record carries no CVSS score; the exposure is real but bounded by the requirement for physical access to an already unlocked device, which places it well below remote code execution or privilege escalation in severity.
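The before/after shape of this class of bug, as an added Kotlin illustration. This is not Firefox's or Fenix's own code: the fragment classes are hypothetical, and the advisory does not say which mechanism Mozilla used, only that the card is now black. The hardened variant uses the standard Android FLAG_SECURE window flag, plus the API 33+ Recents opt-out.

```kotlin
// Added illustration only. Not code from Firefox/Fenix; the fragment names are
// hypothetical and exist to show the leaky and the hardened behaviour side by side.
import android.os.Build
import android.os.Bundle
import android.view.View
import android.view.WindowManager
import androidx.fragment.app.Fragment

/**
 * Leaky shape: the password edit screen is an ordinary fragment. When the user opens
 * the Recents carousel, the system's task snapshot captures whatever this fragment
 * last drew, so the card in the app switcher shows the login being edited.
 */
class PasswordEditFragmentLeaky : Fragment() {
    override fun onViewCreated(view: View, savedInstanceState: Bundle?) {
        super.onViewCreated(view, savedInstanceState)
        // ... bind site / username / password fields; nothing marks the window as secure
    }
}

/**
 * Hardened shape: FLAG_SECURE is set on the activity window for as long as this
 * fragment's view exists. The system then records a blank (black) task snapshot
 * instead of the real pixels, and also refuses screenshots and screen recordings of
 * the window.
 *
 * The flag is tied to the view lifecycle, not to onPause/onStop, on purpose: by the
 * time the Recents view is on screen the activity is already paused, so clearing the
 * flag in onPause would re-expose the content. It is removed only when the user
 * navigates to another screen inside the app and this view is destroyed.
 */
class PasswordEditFragmentSecure : Fragment() {
    override fun onViewCreated(view: View, savedInstanceState: Bundle?) {
        super.onViewCreated(view, savedInstanceState)
        requireActivity().window.addFlags(WindowManager.LayoutParams.FLAG_SECURE)
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
            // API 33+: additionally tell the system never to snapshot this activity
            // for Recents. Belt and braces; FLAG_SECURE alone already yields a black card.
            requireActivity().setRecentsScreenshotEnabled(false)
        }
    }

    override fun onDestroyView() {
        requireActivity().window.clearFlags(WindowManager.LayoutParams.FLAG_SECURE)
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
            requireActivity().setRecentsScreenshotEnabled(true)
        }
        super.onDestroyView()
    }
}
```

Two caveats a reviewer would raise on the hardened version. FLAG_SECURE is per window, so a DialogFragment or popup that shows the password has its own window and needs the flag set on that window too; and unconditionally clearing the flag in onDestroyView is wrong if another secure screen sits underneath on the back stack, which is why real implementations usually track secure destinations rather than toggling the flag per fragment. To verify a fix on a device, open the screen, switch to Recents and inspect the card; `adb shell dumpsys window windows` lists the focused window's flags, and on recent Android versions `SECURE` appears by name in the `fl=` list when the flag is set.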

Potential Impact

For European organizations, this is a confidentiality issue: a saved login being edited in Firefox for Android can be read from the device's app switcher by anyone who can see the unlocked screen. The realistic scenarios are shoulder surfing in shared or public spaces, handsets left unlocked and unattended, and devices inspected by a malicious insider. What is exposed is whatever the edit screen was showing, which may be the site and username together with the password itself if it had been revealed, which is enough for direct account takeover or for targeted phishing against that account. The flaw does not allow remote exploitation or device compromise, and it requires local access to an already unlocked device, so the scope is narrow. Even so, an unintended display of credentials is a personal-data exposure that organizations subject to GDPR, and regulated sectors such as finance and healthcare in particular, would have to assess. No exploitation in the wild has been reported, which lowers the immediate risk without removing the opportunity for casual, opportunistic disclosure.

Mitigation Recommendations

The only real fix is to update Firefox for Android to version 144 or later, where the password edit screen is shown as a black card in the app switcher. Where devices are managed, enforce the update rather than request it: set a minimum app version through the MDM or managed Google Play, and inventory installed versions (the package dump from the device or the MDM's app report) to find stragglers. Until a device is updated, users should leave the password edit screen (back out to the logins list or another tab) before switching apps, and should lock the device rather than leave it face up; short screen-lock timeouts and biometric unlock shorten the window in which an unattended device exposes its Recents view. Detecting exploitation after the fact is not practical, since reading a thumbnail leaves no trace on the device; treat this as a hygiene and patch-compliance item, not a monitoring one. Finally, teams that build or assess mobile apps should add the same check to their own test plans: every screen that renders a secret should be confirmed to produce a blank card in Recents, since this is a generic Android pitfall and not specific to Firefox.


Technical Details

Data Version
5.1
Assigner Short Name
mozilla
Date Reserved
2025-10-13T19:50:16.067Z
Cvss Version
null
State
PUBLISHED

Threat ID: 68ee47d0509368ccaa6fc99b

Added to database: 10/14/2025, 12:53:36 PM

Last enriched: 10/14/2025, 1:07:20 PM

Last updated: 10/16/2025, 9:41:56 AM

