CVE-2025-10535: 
NixOS vulnerability analysis and mitigation

CVE-2025-10535 is an information disclosure and mitigation bypass vulnerability discovered in the Privacy component of Firefox for Android. The vulnerability was disclosed on September 16, 2025, and affects Firefox versions prior to 143. The issue was reported by security researcher Rebeca Tudor (Mozilla Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and can result in high impact to integrity while not affecting confidentiality or availability. The vulnerability has been classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (Ubuntu CVE).

The vulnerability poses a significant security risk as it allows for information disclosure and bypassing of privacy-related mitigations specifically in the Firefox for Android application. The high CVSS score and integrity impact rating suggest that successful exploitation could lead to unauthorized access to sensitive information or compromise of privacy-related security controls (NVD).

The vulnerability has been patched in Firefox version 143. Users are strongly advised to update their Firefox for Android installations to this version or later to mitigate the risk. For systems that cannot be immediately updated, no alternative workarounds have been publicly documented (Mozilla Advisory).