CVE-2025-27425: Vulnerability in Mozilla Firefox for iOS
Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136.
AI Analysis
Technical Summary
This vulnerability involves the QR code scanning feature in Firefox for iOS. When a QR code containing a URL is scanned, the browser should prompt the user for confirmation before opening the link. Due to this flaw, certain QR codes could bypass the confirmation alert, causing the URL to open automatically. This could potentially lead to user redirection without explicit consent. The issue was reported to Mozilla and resolved in Firefox for iOS 136. The CVSS vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality or availability impact, and low integrity impact.
Potential Impact
The impact is limited to integrity, as a URL can be opened without user confirmation, potentially leading to unintended navigation. There is no confidentiality or availability impact. The vulnerability is rated medium severity with a CVSS score of 4.3. No known exploits have been reported in the wild.
Mitigation Recommendations
Mozilla fixed this vulnerability in Firefox for iOS version 136. Users and administrators should update to Firefox for iOS 136 or later to remediate this issue. Since the vendor advisory confirms the fix, no additional mitigation steps are required.
CVE-2025-27425: Vulnerability in Mozilla Firefox for iOS
Description
Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves the QR code scanning feature in Firefox for iOS. When a QR code containing a URL is scanned, the browser should prompt the user for confirmation before opening the link. Due to this flaw, certain QR codes could bypass the confirmation alert, causing the URL to open automatically. This could potentially lead to user redirection without explicit consent. The issue was reported to Mozilla and resolved in Firefox for iOS 136. The CVSS vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality or availability impact, and low integrity impact.
Potential Impact
The impact is limited to integrity, as a URL can be opened without user confirmation, potentially leading to unintended navigation. There is no confidentiality or availability impact. The vulnerability is rated medium severity with a CVSS score of 4.3. No known exploits have been reported in the wild.
Mitigation Recommendations
Mozilla fixed this vulnerability in Firefox for iOS version 136. Users and administrators should update to Firefox for iOS 136 or later to remediate this issue. Since the vendor advisory confirms the fix, no additional mitigation steps are required.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-02-24T20:03:31.187Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.mozilla.org/security/advisories/mfsa2025-13/","vendor":"Mozilla"}]
Threat ID: 69dd057782d89c981f01729d
Added to database: 4/13/2026, 3:02:15 PM
Last enriched: 4/13/2026, 3:18:38 PM
Last updated: 4/14/2026, 6:03:45 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.