CVE-2025-0244

5.3 MEDIUM

📋 TL;DR

This vulnerability in Firefox for Android allows attackers to spoof the address bar when redirecting to invalid protocol schemes, potentially tricking users into believing they're on legitimate sites. Only affects Android users running Firefox versions below 134.

💻 Affected Systems

Products:
  • Mozilla Firefox
Versions: All versions < 134
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Android operating systems. iOS, Windows, macOS, and Linux are unaffected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Users could be tricked into entering sensitive information on spoofed sites that appear legitimate in the address bar, leading to credential theft or financial fraud.

🟠 Likely Case

Phishing attacks where users are redirected to malicious sites that appear to be legitimate due to address bar spoofing.

🟢 If Mitigated

Minimal impact if users verify URLs carefully and don't enter sensitive information on suspicious sites.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (clicking a malicious link) and affects only Android Firefox browsers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 134

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-01/

Restart Required: Yes

Instructions:

1. Open the Google Play Store on the Android device.
2. Search for Firefox.
3. If an update is available, tap Update.
4. Restart Firefox after the update completes.

🔧 Temporary Workarounds

Disable automatic redirects (Android)

Configure Firefox to prompt before redirecting, to prevent automatic exploitation:

about:config
Set accessibility.blockautorefresh to true

🧯 If You Can't Patch

  • Use alternative browsers on Android until Firefox can be updated
  • Educate users to manually verify URLs before entering sensitive information

🔍 How to Verify

Check if Vulnerable:

Open Firefox on Android, go to Settings > About Firefox, check if version is below 134

Check Version:

Open Firefox > Settings > About Firefox

Verify Fix Applied:

Confirm Firefox version is 134 or higher in Settings > About Firefox

📡 Detection & Monitoring

Log Indicators:

  • Unusual redirect patterns in web server logs
  • Multiple failed protocol scheme redirects

Network Indicators:

  • HTTP redirects to invalid protocol schemes (e.g., invalid:// URLs)

SIEM Query:

web.url CONTAINS "invalid://" OR web.url CONTAINS unusual protocol schemes
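The log and network indicators above, worked as an added detection example that is not part of this advisory: it scans access-log lines for 3xx responses whose Location target uses a missing or non-allowlisted scheme (such as invalid://) and marks whether the client User-Agent looks like Firefox for Android below 134. Assumptions: a Combined-style log with the Location response header appended as a final quoted field, and an http/https allowlist; the log lines are constructed.

```python
import re

# Assumption: only these redirect schemes are expected from the monitored site.
ALLOWED_SCHEMES = {"http", "https"}
FIXED_FIREFOX_MAJOR = 134  # first fixed release per the advisory

# Constructed sample lines (not real traffic). Last quoted field = Location header.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jan/2025:10:00:01 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Android 14; Mobile; rv:133.0) Gecko/133.0 Firefox/133.0" "-"
203.0.113.11 - - [10/Jan/2025:10:00:02 +0000] "GET /go?id=7 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Android 14; Mobile; rv:133.0) Gecko/133.0 Firefox/133.0" "invalid://bank.example.com/"
203.0.113.12 - - [10/Jan/2025:10:00:03 +0000] "GET /go?id=8 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Android 14; Mobile; rv:133.0) Gecko/133.0 Firefox/133.0" "https://www.example.com/"
203.0.113.13 - - [10/Jan/2025:10:00:04 +0000] "GET /go?id=9 HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Android 14; Mobile; rv:134.0) Gecko/134.0 Firefox/134.0" "ab%00cd://login.example.org/"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)" "(?P<location>[^"]*)"$'
)
# Raw scheme token exactly as written, so malformed schemes are still captured.
SCHEME_RE = re.compile(r"^([^:/?#]+):")
UA_RE = re.compile(r"Android.*Firefox/(\d+)")


def vulnerable_android_firefox(ua: str) -> bool:
    """True if the User-Agent looks like Firefox for Android below 134."""
    m = UA_RE.search(ua)
    return bool(m) and int(m.group(1)) < FIXED_FIREFOX_MAJOR


def find_suspicious_redirects(log_text: str, allowed=ALLOWED_SCHEMES):
    """Return 3xx responses whose Location scheme is missing or not allowlisted.
    Relative targets (starting with '/') are normal and skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; count these separately in production
        status, loc = int(m["status"]), m["location"]
        if not 300 <= status < 400 or loc in ("", "-") or loc.startswith("/"):
            continue
        s = SCHEME_RE.match(loc)
        scheme = s.group(1).lower() if s else ""
        if scheme not in allowed:
            hits.append({"ip": m["ip"], "status": status, "scheme": scheme,
                         "location": loc,
                         "vulnerable_client": vulnerable_android_firefox(m["ua"])})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_redirects(SAMPLE_LOG):
        print(hit)
```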
