Lucene search
K

109 matches found

NVD
NVD
added 2026/06/16 1:16 p.m.12 views

CVE-2026-53899

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0...

6.5CVSS0.00096EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 11:53 a.m.7 views

EUVD-2026-37078

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0...

4.3CVSS5.4AI score0.001EPSS
Exploits0References2
Mozilla
Mozilla
added 2026/06/16 12:0 a.m.25 views

Security Vulnerabilities fixed in Firefox for iOS 152.0 — Mozilla

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in...

6.5CVSS5.3AI score0.001EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-9309

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

5.4CVSS5.7AI score0.00157EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 11:24 a.m.31 views

CVE-2026-9308 Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

0.00157EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.11 views

SUSE CVE-2026-8706

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0...

6.5CVSS5.9AI score0.00192EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/19 2:27 p.m.13 views

EUVD-2026-30943

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0...

6.5CVSS5.9AI score0.00192EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 2:27 p.m.28 views

CVE-2026-8706

Summary: CVE-2026-8706 affects Firefox for iOS Reader mode when it runs its own unauthenticated local web server. The issue allows another app on the same device to request arbitrary URLs and receive the response rendered using the signed-in user’s cookies. Affected component: Firefox for iOS Rea...

6.5CVSS5.9AI score0.00192EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/25 4:17 p.m.4 views

CVE-2026-2634

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4...

9.8CVSS5.7AI score0.00308EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.10 views

Mozilla Firefox for iOS 安全漏洞

Mozilla Firefox for iOS is a web browser designed for iOS devices by the Mozilla Foundation in the United States. Versions of Mozilla Firefox for iOS prior to 147.4 contained a security vulnerability. This vulnerability allowed malicious scripts to cause the address bar and web content to be out ...

9.8CVSS5.8AI score0.00308EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.9 views

PT-2026-21689

Name of the Vulnerable Software and Affected Versions Firefox for iOS versions prior to 147.4 Description A flaw exists in Firefox for iOS that could allow malicious scripts to cause a mismatch between the address bar display and the actual web content. This could lead to a user being presented...

9.8CVSS5.3AI score0.00308EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/02/17 7:24 p.m.6 views

CVE-2026-2032

Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1...

4.3CVSS5.9AI score0.0015EPSS
Exploits0References1
Mozilla
Mozilla
added 2026/02/09 12:0 a.m.9 views

Security Vulnerabilities fixed in Firefox for iOS 147.2.1 — Mozilla

Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain...

4.3CVSS5.7AI score0.0015EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.7 views

CVE-2023-49061

An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS 120...

6.1CVSS6.4AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:48 a.m.7 views

CVE-2022-31746

Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS 102...

6.5CVSS6.3AI score0.00412EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/19 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-14744

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files ...

6.5CVSS5.8AI score0.00169EPSS
Exploits0References2
OSV
OSV
added 2025/12/18 3:15 p.m.5 views

CVE-2025-14744

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS 144.0...

6.5CVSS5.8AI score0.00169EPSS
Exploits0References2
CVE
CVE
added 2025/12/18 2:21 p.m.19 views

CVE-2025-14744

CVE-2025-14744 concerns Unicode RTLO spoofing in Firefox for iOS prior to version 144.0. The issue allows a malicious website to render spoofed filenames in the downloads UI, potentially misleading users into saving files with an unintended file type. Affected product: Firefox for iOS

6.5CVSS5.8AI score0.00169EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2025/12/15 12:0 a.m.15 views

Security Vulnerabilities fixed in Firefox for iOS 144.0 — Mozilla

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type...

6.5CVSS6.7AI score0.00169EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-53144

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00412EPSS
Exploits0References3
Rows per page
Query Builder