CVE-2025-1940

7.1 HIGH

📋 TL;DR

This vulnerability allows attackers to partially obscure confirmation prompts in Firefox for Android, tricking users into launching external apps unexpectedly. It affects Android users running Firefox versions below 136, potentially leading to unauthorized app launches.

💻 Affected Systems

Products:
  • Firefox for Android
Versions: All versions < 136
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Android versions of Firefox; desktop and iOS versions are not vulnerable

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

User unknowingly launches malicious external app that compromises device security or steals sensitive data

🟠

Likely Case

User accidentally launches legitimate external app due to obscured prompt, causing minor inconvenience

🟢

If Mitigated

No impact once Firefox is updated to 136, or if opening links in external apps is disabled so the prompt is never shown; training users to inspect prompts is a weak control on its own, because the prompt is partially covered by design of the attack

🌐 Internet-Facing: MEDIUM - Requires user interaction with malicious web content but affects mobile browsers directly exposed to internet
🏢 Internal Only: LOW - Primarily affects mobile devices accessing external web content

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW - Requires crafting malicious web page but no technical exploitation needed

Exploitation requires user interaction with malicious web content; no authentication bypass needed

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 136

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-14/

Restart Required: Yes

Instructions:

1. Open Google Play Store
2. Search for Firefox
3. Update to version 136 or higher
4. Restart Firefox after update

🔧 Temporary Workarounds

Disable opening links in external apps

android

The affected prompt is the confirmation shown before Firefox hands a link to another app; if Firefox never offers to launch an external app, there is nothing to obscure. Note that release builds of Firefox for Android do not expose about:config (only Nightly and Beta builds do), and 'dom.intent.enabled' is not a documented Firefox preference, so use the built-in setting instead:

Menu → Settings → Advanced → Open links in apps → Never

"Ask before opening" is the mode that displays the affected prompt, so it does not mitigate this issue. Sites that rely on app hand-off (payment, banking or authenticator flows) will stop opening their apps until the setting is restored after patching.

Use desktop mode

android

Switching to desktop view changes the user agent and page layout only; it does not change how Firefox handles links that target external apps, so it is not a reliable mitigation for this issue. Prefer the setting above.

Tap menu → Request Desktop Site

🧯 If You Can't Patch

  • Train users to carefully inspect confirmation prompts before accepting
  • Use alternative browsers until Firefox can be updated

🔍 How to Verify

Check if Vulnerable:

Open Firefox → Menu → Settings → About Firefox → Check version number

Check Version:

about:

Verify Fix Applied:

Confirm Firefox version is 136 or higher in About Firefox section
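For a fleet rather than a single phone, the same check can be scripted over adb. The script below is an added example, not Mozilla's code or part of the advisory: it reads the versionName line that `adb shell dumpsys package` prints and compares the major version against 136. The package names (org.mozilla.firefox for release, org.mozilla.firefox_beta for Beta, org.mozilla.fenix for Nightly) and the exact dumpsys line format are assumptions noted in the comments, and the dumpsys fragment used for the self-test is constructed.

```sh
#!/bin/sh
# Added example, not Mozilla's code: check whether an installed Firefox for
# Android build is at or above the fixed release (136) for CVE-2025-1940.
# Assumptions: the release build ships as package org.mozilla.firefox (Beta is
# org.mozilla.firefox_beta, Nightly is org.mozilla.fenix), and `dumpsys package`
# prints a line of the form "    versionName=136.0".

FIXED_MAJOR=136

# firefox_version_fixed VERSION -> 0 if VERSION's major part is >= 136,
# 1 if it is older, 2 if VERSION does not start with a number.
firefox_version_fixed() {
    major=$(printf '%s' "$1" | cut -d. -f1)
    case "$major" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$major" -ge "$FIXED_MAJOR" ]
}

# parse_version_name: read dumpsys output on stdin, print the first versionName.
parse_version_name() {
    sed -n 's/^[[:space:]]*versionName=\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# check_device [PACKAGE]: query the attached device over adb and report.
# Returns 0 (fixed), 1 (vulnerable), 2 (package missing or unparseable),
# 3 (adb not available, so nothing was checked).
check_device() {
    pkg="${1:-org.mozilla.firefox}"
    if ! command -v adb >/dev/null 2>&1; then
        echo "adb not found; no device checked" >&2
        return 3
    fi
    version=$(adb shell dumpsys package "$pkg" 2>/dev/null | parse_version_name)
    if [ -z "$version" ]; then
        echo "$pkg: not installed or versionName not found" >&2
        return 2
    fi
    if firefox_version_fixed "$version"; then
        echo "$pkg $version: fixed (>= $FIXED_MAJOR)"
        return 0
    else
        echo "$pkg $version: VULNERABLE to CVE-2025-1940, update to 136+"
        return 1
    fi
}

# Self-test on a constructed dumpsys fragment, then the live check if adb exists.
constructed_dumpsys='Package [org.mozilla.firefox] (1a2b3c):
    versionCode=2016035213 minSdk=21 targetSdk=34
    versionName=135.0.1
    splits=[base]'
sample=$(printf '%s\n' "$constructed_dumpsys" | parse_version_name)
if firefox_version_fixed "$sample"; then
    echo "constructed sample $sample: fixed"
else
    echo "constructed sample $sample: vulnerable (expected for 135.0.1)"
fi
check_device "${1:-org.mozilla.firefox}" || :
```

Run it with a device attached (`sh check_firefox.sh org.mozilla.firefox_beta` for Beta); the exit status of check_device is what an MDM or inventory job should record, since "fixed" and "nothing checked" must not be conflated.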

📡 Detection & Monitoring

Log Indicators:

  • Unusual external app launches from Firefox
  • Multiple prompt acceptances in short time

Network Indicators:

  • Requests to known malicious domains followed by app launches

SIEM Query:

Firefox for Android does not emit app-launch events of its own, so any query depends on the schema of the mobile EDR or MDM feed you ingest. The line below is an illustrative pseudo-query with hypothetical field names; map them to the fields your source actually provides before using it:

source="firefox" AND event="app_launch" AND user_interaction="prompt"

🔗 References
