CVE-2025-0245: Lock screen setting bypass in Firefox Focus for Android

Q: What is the severity of CVE-2025-0245?

CVE-2025-0245 has been classified as a moderate severity vulnerability.

Q: How do I fix CVE-2025-0245?

To fix CVE-2025-0245, update Firefox to version 135 or later.

Q: Who is affected by CVE-2025-0245?

CVE-2025-0245 affects all users of Firefox versions prior to 135.

Q: What type of vulnerability is CVE-2025-0245?

CVE-2025-0245 is a authentication bypass vulnerability.

Q: Can CVE-2025-0245 be exploited remotely?

Yes, CVE-2025-0245 can be exploited remotely under specific conditions.

Published Jan 7, 2025

Updated

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed.

Affected Software

2 affected componentsFixes available

Mozilla Firefox<134

134

Mozilla Firefox<134.0

Event History

Jan 7, 2025

CVE Published

via Mozilla·12:00 AM

CVE Published

via MITRE·04:07 PM

Data Sourced

via MITRE·04:07 PM

Description

Data Sourced

via NVD·04:15 PM

DescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

MFSA2025-01

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2025-0245?

CVE-2025-0245 has been classified as a moderate severity vulnerability.

How do I fix CVE-2025-0245?

To fix CVE-2025-0245, update Firefox to version 135 or later.

Who is affected by CVE-2025-0245?