CVE-2025-3035

Name
CVE-2025-3035
Description
By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
security@mozilla.org https://bugzilla.mozilla.org/show_bug.cgi?id=1952268
security@mozilla.org https://www.mozilla.org/security/advisories/mfsa2025-20/

Match rules

CPE URI Source package Min version Max version
firefox >= unspecified < 137

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
firefox edge-community 133.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
firefox edge-community 134.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
firefox edge-community 134.0.1-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
firefox edge-community 134.0.1-r1 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
firefox edge-community 135.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
firefox edge-community 135.0.1-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
firefox edge-community 136.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
firefox edge-community 136.0.2-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
firefox edge-community 136.0.3-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
firefox edge-community 136.0.4-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
firefox 3.22-community 136.0.4-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable