{
  "threat_severity" : "Important",
  "public_date" : "2025-01-07T16:07:04Z",
  "bugzilla" : {
    "description" : "firefox: Address bar spoofing using an invalid protocol scheme on Firefox for Android",
    "id" : "2336187",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2336187"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-451",
  "details" : [ "When redirecting to an invalid protocol scheme, an attacker could spoof the address bar.\n*Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability was fixed in Firefox 134.", "A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When redirecting to an invalid protocol scheme, an attacker could spoof the address bar." ],
  "statement" : "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. This issue only affected Android operating systems. Other operating systems are unaffected.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "firefox:flatpak/firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-0244\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-0244\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1929584\nhttps://www.mozilla.org/security/advisories/mfsa2025-01/" ],
  "name" : "CVE-2025-0244",
  "csaw" : false
}