CVE-2025-23108

{"id": "CVE-2025-23108", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-01-11T04:15:06.280", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1933172", "tags": ["Issue Tracking", "Permissions Required"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-06/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS < 134."}, {"lang": "es", "value": "Abrir enlaces de Javascript en una nueva pesta\u00f1a manteniendo pulsada la tecla en el cliente iOS de Firefox podr\u00eda provocar que un script malicioso falsifique la URL de la nueva pesta\u00f1a. Esta vulnerabilidad afecta a Firefox para iOS &lt; 134."}], "lastModified": "2025-04-03T18:58:00.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "287CBA5C-D765-4028-A3EE-44AE2589E99E", "versionEndExcluding": "134.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}