Google: >> Android Security Vulnerabilities
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-06-24
When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-06-24
In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-06-03
In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-06-03
In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-06-03
There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-05-27
In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-05-27
There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-05-27
Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-21
Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-05-07