CVE-2025-11717: 
NixOS vulnerability analysis and mitigation

CVE-2025-11717 is a moderate severity vulnerability affecting Firefox versions prior to 144 on Android devices. The vulnerability was discovered and reported by 'msd' and was disclosed on October 14, 2025. The issue occurs when switching between Android apps using the card carousel feature, where Firefox fails to properly hide password-related screens, instead showing them as visible in the card image prior to version 144 (Mozilla Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 9.1 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. It is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The technical issue involves the improper handling of password-related screens in the Android card view feature, where sensitive information could potentially be exposed when switching between applications (NVD).

The vulnerability could lead to exposure of sensitive password-related information when users switch between Android applications using the card carousel feature. This could potentially compromise user security by revealing password screens that should remain hidden (Mozilla Advisory).

The vulnerability has been fixed in Firefox version 144. Users are advised to update their Firefox installations to version 144 or later to mitigate this security issue (Mozilla Advisory).