CVE-2025-9186: Vulnerability in Mozilla Firefox
Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability was fixed in Firefox 142.
AI Analysis
Technical Summary
This vulnerability involves a spoofing issue in the Address Bar component of Firefox Focus for Android, which could allow an attacker to misrepresent the URL displayed to the user. The issue was reported by Kevin Brosnan and is tracked as CVE-2025-9186. It was fixed in Firefox 142 as part of a broader security update that addressed multiple vulnerabilities. The CVSS vector indicates the attack can be performed remotely without privileges but requires user interaction, with no confidentiality impact but high integrity impact and no availability impact.
Potential Impact
The vulnerability allows spoofing in the address bar, which can mislead users about the website they are visiting. This can facilitate phishing or social engineering attacks by making malicious sites appear legitimate. However, it does not directly compromise confidentiality or availability. The impact is rated medium based on the CVSS score of 6.5.
Mitigation Recommendations
A fix for this vulnerability is available in Firefox version 142. Users and administrators should update Firefox Focus for Android to version 142 or later to remediate this issue. There is no indication from the vendor advisory that additional mitigation steps are required beyond applying the update.
CVE-2025-9186: Vulnerability in Mozilla Firefox
Description
Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability was fixed in Firefox 142.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a spoofing issue in the Address Bar component of Firefox Focus for Android, which could allow an attacker to misrepresent the URL displayed to the user. The issue was reported by Kevin Brosnan and is tracked as CVE-2025-9186. It was fixed in Firefox 142 as part of a broader security update that addressed multiple vulnerabilities. The CVSS vector indicates the attack can be performed remotely without privileges but requires user interaction, with no confidentiality impact but high integrity impact and no availability impact.
Potential Impact
The vulnerability allows spoofing in the address bar, which can mislead users about the website they are visiting. This can facilitate phishing or social engineering attacks by making malicious sites appear legitimate. However, it does not directly compromise confidentiality or availability. The impact is rated medium based on the CVSS score of 6.5.
Mitigation Recommendations
A fix for this vulnerability is available in Firefox version 142. Users and administrators should update Firefox Focus for Android to version 142 or later to remediate this issue. There is no indication from the vendor advisory that additional mitigation steps are required beyond applying the update.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-08-19T15:56:08.382Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 68a4e2f4ad5a09ad00faecc1
Added to database: 8/19/2025, 8:47:48 PM
Last enriched: 4/14/2026, 11:56:44 AM
Last updated: 5/10/2026, 6:16:52 AM
Views: 144
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.