{
  "threat_severity" : "Low",
  "public_date" : "2025-06-24T12:28:03Z",
  "bugzilla" : {
    "description" : "firefox: The prompt in Firefox for Android that asks before opening a link in an external application could be bypassed",
    "id" : "2374564",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2374564"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
    "status" : "draft"
  },
  "details" : [ "When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. \n*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140.", "A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue:\nWhen a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. <br>*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*" ],
  "statement" : "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "rhel10/firefox-flatpak",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-6431\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6431\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1942716\nhttps://www.mozilla.org/security/advisories/mfsa2025-51/" ],
  "name" : "CVE-2025-6431",
  "csaw" : false
}