CVE-2025-1939: Vulnerability in Mozilla Firefox
Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability was fixed in Firefox 136.
AI Analysis
Technical Summary
The vulnerability CVE-2025-1939 affects Mozilla Firefox on Android devices using the Custom Tabs feature. This feature supports transition animations that could be exploited to mislead users into granting sensitive permissions by hiding the true target of their clicks (tapjacking). The issue was resolved in Firefox 136 as per the Mozilla Foundation Security Advisory 2025-14. The CVSS 3.1 base score is 3.9 (low severity) with attack vector local, low attack complexity, low privileges required, and user interaction needed. No known active exploits have been reported.
Potential Impact
If exploited, this vulnerability could allow an attacker to trick a user into granting sensitive permissions unintentionally by manipulating the UI through transition animations in Android Custom Tabs. The impact is limited to confidentiality and integrity with no availability impact. The low CVSS score reflects the requirement for user interaction and local attack vector, reducing the overall risk. There are no reports of active exploitation in the wild.
Mitigation Recommendations
This vulnerability is fixed in Mozilla Firefox version 136. Users and administrators should update to Firefox 136 or later to remediate this issue. No additional mitigation actions are required beyond applying the official update.
CVE-2025-1939: Vulnerability in Mozilla Firefox
Description
Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability was fixed in Firefox 136.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2025-1939 affects Mozilla Firefox on Android devices using the Custom Tabs feature. This feature supports transition animations that could be exploited to mislead users into granting sensitive permissions by hiding the true target of their clicks (tapjacking). The issue was resolved in Firefox 136 as per the Mozilla Foundation Security Advisory 2025-14. The CVSS 3.1 base score is 3.9 (low severity) with attack vector local, low attack complexity, low privileges required, and user interaction needed. No known active exploits have been reported.
Potential Impact
If exploited, this vulnerability could allow an attacker to trick a user into granting sensitive permissions unintentionally by manipulating the UI through transition animations in Android Custom Tabs. The impact is limited to confidentiality and integrity with no availability impact. The low CVSS score reflects the requirement for user interaction and local attack vector, reducing the overall risk. There are no reports of active exploitation in the wild.
Mitigation Recommendations
This vulnerability is fixed in Mozilla Firefox version 136. Users and administrators should update to Firefox 136 or later to remediate this issue. No additional mitigation actions are required beyond applying the official update.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-03-04T12:29:44.141Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 68be1ecce3f0bafba8aa56b0
Added to database: 9/8/2025, 12:09:48 AM
Last enriched: 4/14/2026, 11:43:42 AM
Last updated: 5/10/2026, 12:09:45 AM
Views: 254
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.