CVE-2025-1941

9.1

Critical

Published:4 Mar 2025

Last updated:17 Jun 2026

Source:security@mozilla.org

Modified

Weakness (CWE)

CWE-284Improper Access Control

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

View on MITRE Find PoC on GitHub

Description

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability was fixed in Firefox 136.

References

security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1944665

security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2025-14/