Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Download Firefox ESR 64-bit

Download Firefox ESR 32-bit

Download a different build

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Download Firefox ESR
Firefox Privacy Notice
Get Mozilla VPN

Mozilla Foundation Security Advisory 2024-45

Security Vulnerabilities fixed in Firefox for Android 130.0.1

Announced
September 17, 2024
Impact
high
Products
Firefox for Android
Fixed in
  • Firefox for Android 130.0.1

#CVE-2024-8897: Address bar spoofing after server-side redirect

Reporter
Thomas Orlita
Impact
high
Description

Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site.
This bug only affects Firefox for Android. Other versions of Firefox are unaffected.

References