Description
In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141.
Published: 2025-08-19
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Update Browser
AI Analysis

Impact

Firefox for Android incorrectly truncates URLs displayed in the address bar, showing the trailing portion rather than preserving the origin. This behavior can reveal the full URL, potentially exposing sensitive query parameters, subdomains, or internal hostnames to users. The issue is classified as Information Disclosure (CWE‑451).

Affected Systems

Mozilla Firefox for Android is affected. All installations prior to version 141 are vulnerable, as the problem was resolved in that release. No other products or operating systems are impacted beyond the Android client.

Risk and Exploitability

The CVSS score of 5.3 rates the vulnerability as Medium severity. An EPSS score of less than 1% indicates that the likelihood of real-world exploitation is low. The vulnerability is not listed in CISA's KEV catalog and no public exploits have been reported. Attackers would need to craft a malicious URL that is displayed in the address bar; the low EPSS suggests that exploitation would be uncommon. Nonetheless, applying the latest patch promptly reduces the potential for inadvertent disclosure.

Generated by OpenCVE AI on April 20, 2026 at 18:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Firefox 141 or later to fix the truncation bug.
  • Ensure that automatic patching is enabled so future releases are applied without delay.
  • Until the update can be installed, encourage users to use a different browser or be cautious when copying URLs that contain sensitive information.



Advisories
Source: EUVD
ID: EUVD-2025-25233
Title: In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability affects Firefox < 141.

History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description
Values Removed: In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability affects Firefox < 141.
Values Added: In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141.
Title Incorrect URL truncation in Firefox for Android

Fri, 19 Sep 2025 17:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Thu, 21 Aug 2025 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Mozilla
Mozilla firefox
Vendors & Products Google
Google android
Mozilla
Mozilla firefox

Wed, 20 Aug 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-451
Metrics
cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}
ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 19 Aug 2025 21:00:00 +0000

Type Values Removed Values Added
Description In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability affects Firefox < 141.
References

MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:31:29.505Z

Reserved: 2025-07-22T10:14:11.150Z

Link: CVE-2025-8041

Vulnrichment

Updated: 2025-08-20T14:03:55.478Z

NVD

Status: Modified

Published: 2025-08-19T21:15:29.250

Modified: 2026-04-13T15:17:12.403

Link: CVE-2025-8041

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T18:15:13Z

Weaknesses