CVE-2025-11718: 
NixOS vulnerability analysis and mitigation

CVE-2025-11718 is a moderate severity vulnerability discovered in Firefox versions prior to 144, specifically affecting the Android platform. The vulnerability was disclosed on October 14, 2025, and was reported by security researchers Hafiizh & kang ali. The issue affects Mozilla Firefox's address bar functionality on Android devices (Mozilla Advisory).

The vulnerability has a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. The technical issue occurs when the address bar is hidden during scrolling on Android devices, allowing a malicious page to create a fake address bar in response to a visibilitychange event, potentially misleading users about their current location (NVD). The vulnerability is classified under CWE-451 (User Interface Misrepresentation of Critical Information).

The vulnerability allows attackers to create a spoofed address bar on Android devices, which could be used to deceive users about their current website location. This could lead to effective phishing attacks where users believe they are on a legitimate website when they are actually on a malicious one (Mozilla Advisory).

The vulnerability has been fixed in Firefox version 144. Users of affected versions are strongly advised to update to Firefox 144 or later to mitigate this security risk (Mozilla Advisory).