CVE-2025-23109

MEDIUM

Mozilla Firefox < 134.0 - Origin Validation Error

Title source: rule

Description

Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability was fixed in Firefox for iOS 134.

References (2)

[Issue Tracking, Permissions Required] https://bugzilla.mozilla.org/show_bug.cgi?id=1419275

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2025-06/

Scores

CVSS v3 6.5

EPSS 0.0114

EPSS Percentile 78.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-346

Status published

Products (2)

mozilla/firefox < 134.0

Mozilla/Firefox for iOS 134

Published Jan 11, 2025

Tracked Since Feb 18, 2026