CVE-2025-1935

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-1935

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1935.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-1935

Downstream

DEBIAN-CVE-2025-1935

DLA-4078-1

DLA-4081-1

DSA-5874-1

DSA-5876-1

OESA-2025-1265

OESA-2025-1266

OESA-2025-1267

OESA-2025-1268

OESA-2025-1835

RHSA-2025:2359

RHSA-2025:2452

RHSA-2025:2479

RHSA-2025:2480

RHSA-2025:2481

RHSA-2025:2484

RHSA-2025:2485

RHSA-2025:2486

RHSA-2025:2699

RHSA-2025:2708

RLSA-2025:2452

SUSE-SU-2025:0783-1

SUSE-SU-2025:0788-1

SUSE-SU-2025:0849-1

UBUNTU-CVE-2025-1935

USN-7334-1

USN-7663-1

openSUSE-SU-2025:14852-1

openSUSE-SU-2025:14853-1

openSUSE-SU-2025:14861-1

openSUSE-SU-2025:14958-1

Related

Published

2025-03-04T14:15:38Z

Modified

2026-02-04T02:33:50.622670Z

Summary

[none]

Details

A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

References

Affected packages