CVE-2025-11720
Published: 14 October 2025
Summary
CVE-2025-11720 is a high-severity User Interface (UI) Misrepresentation of Critical Information (CWE-451) vulnerability in Mozilla Firefox. Its CVSS base score is 8.1 (High).
Operationally, it ranks at the 14.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-34194
Vulnerability details
The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User-supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability was fixed in Firefox 144.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.