Security Advisory

CVE-2025-8042

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-19 20:52:46

Last updated 2026-04-13 14:31:31

Assigner mozilla

State PUBLISHED

Description

Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability was fixed in Firefox 141.

← Browse all CVEs View on cve.org ↗