Security Advisory

CVE-2025-11716

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2025-10-14 12:27:36
Last updated: 2026-04-13 14:31:17
Assigner: mozilla
State: PUBLISHED

Description

Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144.