CVE-2026-9309

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

CVE-2026-9308 Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

SUSE CVE-2026-8706

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0...

CVE-2026-8706

Summary: CVE-2026-8706 affects Firefox for iOS Reader mode when it runs its own unauthenticated local web server. The issue allows another app on the same device to request arbitrary URLs and receive the response rendered using the signed-in user’s cookies. Affected component: Firefox for iOS Rea...

EUVD-2026-30943

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0...

CVE-2026-2634

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4...

PT-2026-21689

Name of the Vulnerable Software and Affected Versions Firefox for iOS versions prior to 147.4 Description A flaw exists in Firefox for iOS that could allow malicious scripts to cause a mismatch between the address bar display and the actual web content. This could lead to a user being presented...

Mozilla Firefox for iOS 安全漏洞

Mozilla Firefox for iOS is a web browser designed for iOS devices by the Mozilla Foundation in the United States. Versions of Mozilla Firefox for iOS prior to 147.4 contained a security vulnerability. This vulnerability allowed malicious scripts to cause the address bar and web content to be out ...

CVE-2026-2032

Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1...

Security Vulnerabilities fixed in Firefox for iOS 147.2.1 — Mozilla

Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain...

CVE-2023-49061

An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS 120...

CVE-2022-31746

Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS 102...

Linux Distros Unpatched Vulnerability : CVE-2025-14744

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files ...

CVE-2025-14744

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS 144.0...

CVE-2025-14744

CVE-2025-14744 concerns Unicode RTLO spoofing in Firefox for iOS prior to version 144.0. The issue allows a malicious website to render spoofed filenames in the downloads UI, potentially misleading users into saving files with an unintended file type. Affected product: Firefox for iOS

Security Vulnerabilities fixed in Firefox for iOS 144.0 — Mozilla

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type...

EUVD-2022-53144

Malicious code in bioql PyPI...

EUVD-2023-53083

Malicious code in bioql PyPI...

EUVD-2025-16036

Malicious code in bioql PyPI...

EUVD-2023-53084

Malicious code in bioql PyPI...