CVE-2025-1941: Lock screen setting bypass in Firefox Focus for Android

Q: What is the severity of CVE-2025-1941?

CVE-2025-1941 has been classified as a moderate severity vulnerability.

Q: How do I fix CVE-2025-1941?

To mitigate CVE-2025-1941, you should update Mozilla Firefox to the latest version beyond 136.

Q: What systems are affected by CVE-2025-1941?

CVE-2025-1941 affects Mozilla Firefox versions up to and including 136.

Q: What does CVE-2025-1941 exploit?

CVE-2025-1941 exploits a bypass of the user opt-in setting for authentication requirements in Focus.

Q: Who is responsible for CVE-2025-1941?

CVE-2025-1941 has been identified and documented by Mozilla's security team.

Published Mar 4, 2025

Updated

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245).

Affected Software

3 affected componentsFixes available

Mozilla Firefox<136

136

Mozilla Firefox<136.0

Event History

Mar 4, 2025

CVE Published

via Mozilla·12:00 AM

CVE Published

via MITRE·01:31 PM

Data Sourced

via MITRE·01:31 PM

Description

Data Sourced

via NVD·02:15 PM

DescriptionSeverityWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

MFSA2025-14

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2025-1941?

CVE-2025-1941 has been classified as a moderate severity vulnerability.

How do I fix CVE-2025-1941?

To mitigate CVE-2025-1941, you should update Mozilla Firefox to the latest version beyond 136.

What systems are affected by CVE-2025-1941?