28 matches found
EUVD-2026-37077
Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0...
EUVD-2026-33629
Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...
Linux Distros Unpatched Vulnerability : CVE-2026-8706
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive...
EUVD-2026-8446
Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability affects Firefox for iOS 147.4...
CVE-2026-2032
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1...
CVE-2025-14744 Filename spoofing via Unicode Right-to-Left Override in Firefox for iOS
Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0...
EUVD-2025-31731
Malicious code in bioql PyPI...
CVE-2025-10859 Data stored in cookies for non-HTML content while browsing Incognito could be viewed after closing private tabs
Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability was fixed in Firefox for iOS 143.1...
Mozilla Firefox for iOS Security Bypass Vulnerability (CNVD-2025-19563)
Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A security bypass vulnerability exists in Mozilla Firefox for iOS prior to version 141, which can be exploited by attackers to open arbitrary website URLs or internal pages...
Mozilla Firefox for iOS Cross-Site Scripting Vulnerability (CNVD-2025-19567)
Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A cross-site scripting vulnerability exists in Mozilla Firefox for iOS prior to version 142, which stems from an improper handling of the Content-Disposition header and can be exploited by an...
CVE-2025-54143
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141...
CVE-2025-55029
Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulnerability was fixed in Firefox for iOS 142...
CVE-2025-55030
Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks This vulnerability affects Firefox for iOS 142...
CVE-2025-55030
Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks. This vulnerability was fixed in Firefox for iOS 142...
CVE-2025-54143
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS 141...
CVE-2025-55029 Malicious scripts could spam popups for denial of service attacks
Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulnerability was fixed in Firefox for iOS 142...
CVE-2025-55028
CVE-2025-55028 affects Mozilla Firefox for iOS. The issue arises from malicious scripts using repetitive JavaScript alerts that can prevent user interaction, potentially enabling denial-of-service scenarios. Affected version range is Firefox for iOS before 142. The available connected documents c...
CVE-2025-54145 Scanning a malicious URL utilizing Firefox's open-text scheme with the QR code scanner could load arbitrary websites
The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. This vulnerability was fixed in Firefox for iOS 141...
CVE-2025-54143 Sandboxed iframes could allow local downloads despite sandbox restrictions
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141...
Mozilla Firefox for iOS和Mozilla Firefox Focus for iOS 安全漏洞
Mozilla Firefox for iOS and Mozilla Firefox Focus for iOS are both products of the Mozilla Foundation in the U.S. Mozilla Firefox for iOS is a web browser designed for iOS devices. Mozilla Firefox Focus for iOS is a privacy browser designed for iOS devices. A security vulnerability exists in...