CVE-2025-9186

6.5 MEDIUM

📋 TL;DR

A spoofing vulnerability in the address bar component of Firefox Focus for Android allows an attacker-controlled page to display a URL that appears legitimate. This affects Firefox Focus for Android versions below 142, potentially tricking users into trusting phishing sites or downloading malware.

💻 Affected Systems

Products:
  • Firefox Focus for Android
Versions: All versions < 142
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Firefox Focus (privacy-focused version), not standard Firefox for Android. Requires user interaction with malicious links.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Users could be redirected to sophisticated phishing sites that steal credentials, financial information, or install malware, leading to account compromise and data theft.

🟠 Likely Case

Attackers create convincing fake websites that appear legitimate in the address bar, increasing success rates for phishing campaigns targeting Firefox Focus users.

🟢 If Mitigated

With proper user education about URL verification and updated browsers, impact is limited to visual deception that observant users can detect.

🌐 Internet-Facing: HIGH - This is a client-side vulnerability affecting browsers that directly interact with untrusted internet content.
🏢 Internal Only: LOW - Primarily affects external web browsing, though could be used in internal phishing campaigns.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to click a malicious link. No public exploit code available, but spoofing techniques are well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 142 and later

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-64/

Restart Required: No

Instructions:

1. Open Google Play Store
2. Search for Firefox Focus
3. Tap Update if available
4. Alternatively, enable auto-updates in Play Store settings

🔧 Temporary Workarounds

Use Standard Firefox (android)

Switch to standard Firefox for Android, which is not listed as affected by this issue and has different security controls.

Disable Firefox Focus (android)

Temporarily disable or uninstall Firefox Focus until it is patched.

🧯 If You Can't Patch

  • Educate users to manually verify URLs before entering sensitive information
  • Implement web filtering to block known malicious domains

🔍 How to Verify

Check if Vulnerable:

Check Firefox Focus version in app settings: Settings > About Firefox Focus

Check Version:

Not applicable - check via app UI

Verify Fix Applied:

Confirm version is 142 or higher in app settings

📡 Detection & Monitoring

Log Indicators:

  • Unusual redirect patterns in browser logs
  • Multiple failed authentication attempts following specific URL visits

Network Indicators:

  • Traffic to domains with URL structure mismatches
  • Increased connections to newly registered domains

SIEM Query:

source="firefox_focus" AND (event="navigation" OR event="redirect") AND url CONTAINS suspicious_pattern

(Template query: substitute your own log source name and a suspicious-URL pattern for `suspicious_pattern`; the field names are illustrative and depend on your SIEM and browser-telemetry setup.)
