Description
By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137.
Published: 2025-04-01
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure via tab title leakage
Action: Patch
AI Analysis

Impact

By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt, revealing page titles or URLs that could aid an attacker in identifying sensitive or internal resources. This vulnerability results in the unintended disclosure of confidential information to a user who manipulates the AI chat feature across tabs, representing a moderate information‑disclosure risk.

Affected Systems

Mozilla: Firefox. Versions up to and including Firefox 136 are vulnerable; the issue was fixed in Firefox 137.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate overall risk, while the EPSS score of less than 1% suggests a very low exploitation probability at the time of assessment. The vulnerability is not listed in CISA’s KEV catalog. An attacker would need to be a local user who can open multiple tabs with the AI chatbot active, inferring that the attack vector is user‑initiated browser activity rather than remote exploitation.

Generated by OpenCVE AI on April 20, 2026 at 20:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Firefox to version 137 or later to apply the vendor patch.
  • Disable the AI chatbot functionality through Firefox settings or a suitable extension if an immediate update is not possible.
  • As a temporary workaround, avoid activating the AI chatbot across multiple tabs by closing or switching tabs before engaging the feature again.

Generated by OpenCVE AI on April 20, 2026 at 20:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-9295 By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137.
History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137. By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137.
Title Tab title disclosure across pages when using AI chatbot

Tue, 15 Apr 2025 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
Vendors & Products Mozilla
Mozilla firefox

Thu, 10 Apr 2025 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-359
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 01 Apr 2025 12:45:00 +0000

Type Values Removed Values Added
Description By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137.
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:29:32.339Z

Reserved: 2025-03-31T09:35:34.434Z

Link: CVE-2025-3035

cve-icon Vulnrichment

Updated: 2025-04-10T20:13:52.475Z

cve-icon NVD

Status : Modified

Published: 2025-04-01T13:15:41.893

Modified: 2026-04-13T15:16:57.497

Link: CVE-2025-3035

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T20:45:16Z

Weaknesses