CVE-2025-0244: 
NixOS vulnerability analysis and mitigation

CVE-2025-0244 is a security vulnerability discovered in Firefox that affects Android operating systems. The vulnerability was disclosed on January 7, 2025, and affects Firefox versions below 134. When redirecting to an invalid protocol scheme, an attacker could potentially spoof the address bar, presenting a significant security risk for Android users (Mozilla Advisory, Red Hat).

The vulnerability is classified as a URL Redirection to Untrusted Site ('Open Redirect') issue (CWE-601). According to the CVSS v3.1 scoring by CISA-ADP, it received a base score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. However, Red Hat's assessment differs, rating it with a CVSS v3 base score of 8.1 with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N (Red Hat).

The vulnerability allows attackers to spoof the address bar in Firefox for Android, potentially leading to phishing attacks and user interface misrepresentation of critical information. The impact is specifically limited to Android operating systems, with other operating systems remaining unaffected (Mozilla Advisory, Red Hat).

The vulnerability has been fixed in Firefox version 134. Users of affected versions should upgrade to Firefox 134 or later to mitigate this security risk (Mozilla Advisory).