CVE-2025-6431: 
NixOS vulnerability analysis and mitigation

CVE-2025-6431 is a security vulnerability discovered in Firefox for Android affecting versions prior to 140. The vulnerability was disclosed on June 24, 2025, and was reported by security researcher Umar Farooq. The issue specifically affects the prompt mechanism that appears when opening links in external applications on Android devices (Mozilla Advisory, NVD).

The vulnerability is classified with a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. It has been categorized under CWE-285 (Improper Authorization). The issue relates to the security prompt that Firefox for Android displays before opening links in external applications (CISA-ADP).

The vulnerability could potentially expose users to security vulnerabilities and privacy leaks in external applications by bypassing the security prompt that normally appears when opening links in external applications. This bypass could lead to unauthorized access to external applications without user consent (Mozilla Advisory, NVD).

The vulnerability has been fixed in Firefox version 140. Users are advised to update their Firefox for Android installations to this version or later to mitigate the security risk. No alternative workarounds have been published (Mozilla Advisory).