This vulnerability involves incorrect truncation of URLs in the Firefox for Android address bar, where the displayed URL was truncated from the end instead of preserving the origin portion. This behavior could cause users to misinterpret the actual site they are visiting. The issue is classified under CWE-451 (Incorrect Expression of URL). It was reported by Chris Peterson and Kirtikumar Anandrao Ramchandani and fixed in Firefox 141. The CVSS v3.1 base score is 5.3 (medium severity) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, no confidentiality or availability impact, and limited integrity impact.

The vulnerability impacts the integrity of the URL display in Firefox for Android, potentially misleading users about the true origin of a website. This could facilitate UI confusion or spoofing attacks but does not directly compromise confidentiality or availability. There are no known exploits in the wild. The impact is rated moderate by Mozilla and medium severity by CVSS.

Mozilla fixed this vulnerability in Firefox version 141. Users and administrators should update Firefox for Android to version 141 or later to remediate this issue. Since this is not a cloud service, remediation depends on applying the official vendor update. No additional mitigation steps are indicated by the vendor advisory.