17 matches found
PT-2026-21830
Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability affects Focus for iOS...
EUVD-2026-6083
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability affects Firefox for iOS 147.2.1...
CVE-2026-2032
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1...
EUVD-2025-25227
Malicious code in bioql PyPI...
CVE-2025-54144
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link This vulnerability affects Firefox for iOS 141...
CVE-2025-54145
The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme This vulnerability affects Firefox for iOS 141...
CVE-2025-55030
CVE-2025-55030 concerns Firefox for iOS where a mis-handling of the Content-Disposition header (Attachment) allows inline content display and potential XSS. Affected: Firefox for iOS versions prior to 142. Root cause: improper handling of the Content-Disposition header for certain MIME types. Imp...
CVE-2025-54144
Summary: CVE-2025-54144 affects Firefox for iOS before version 141. The URL scheme used to facilitate searching of text queries could be abused to open arbitrary website URLs or internal pages if a user is tricked into clicking a link. This is described as a security bypass in Firefox for iOS pri...
CVE-2025-54144 Internal Firefox open-text URL scheme allowed loading of arbitrary URLs
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141...
UBUNTU-CVE-2025-54145
The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. This vulnerability affects Firefox for iOS 141...
CVE-2025-27424
Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS 136...
CVE-2024-26283
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A cross-site scripting vulnerability exists in Mozilla Firefox for iOS, which can be exploited by an attacker to execute script in a victim's web browser using a specially crafted URL in the security...
CVE-2023-49061
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS 120...
CVE-2023-49060
An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the referrerpolicy attribute. This vulnerability affects Firefox for iOS 120...
PT-2023-7113 · Mozilla · Firefox For Ios
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 120 Description: The issue is related to the Reader Mode in Firefox for iOS, where the browser fails to neutralize HTML tags, allowing an attacker to perform HTML template injection. This could enable a remot...
CVE-2021-29958
When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS 34...