CVE-2025-0244
Published: 07 January 2025
Summary
CVE-2025-0244 is a medium-severity Open Redirect (CWE-601) vulnerability in Mozilla Firefox. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Spearphishing Link (T1566.002); ranked in the top 8.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely flaw remediation requires applying patches like Firefox 134 to directly eliminate CVE-2025-0244 address bar spoofing via invalid protocol redirects.
Vulnerability scanning identifies vulnerable Firefox versions on Android affected by CVE-2025-0244, enabling targeted remediation.
Monitoring vendor security advisories such as MFSA 2025-01 provides awareness of CVE-2025-0244 and prompts patching of affected Firefox instances.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Address bar spoofing via malicious redirect enables deceptive links for phishing and user execution.
NVD Description
When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 134.
Deeper analysisAI
CVE-2025-0244 is a vulnerability in Mozilla Firefox on Android operating systems, where redirecting to an invalid protocol scheme allows an attacker to spoof the address bar. This issue stems from CWE-601 (URL Redirection to Untrusted Site) and carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating medium severity with low confidentiality impact. Other operating systems are unaffected, and the vulnerability was addressed in Firefox version 134.
Remote attackers can exploit this vulnerability without authentication or user interaction by crafting a malicious redirect to an invalid protocol scheme, tricking users into believing they are visiting a different site than intended. Successful exploitation enables address bar spoofing, potentially facilitating phishing attacks by misleading users about the current webpage's origin and compromising confidentiality through deceptive navigation.
Mozilla's security advisory (MFSA 2025-01) and Bugzilla entry (ID 1929584) confirm the fix in Firefox 134, recommending users update to this version or later to mitigate the issue. No workarounds are specified in the provided references.
Details
- CWE(s)