CVE-2025-54145

The CVE-2025-54145 issue affects Mozilla Firefox for iOS, specifically versions before 141. The vulnerability arises from the QR scanner and Firefox’s open-text URL scheme, which could cause a user to load arbitrary websites. Documented impact is high (H) with user interaction required and no pri...

CVE-2024-26283

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...

CVE-2024-26283

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...

CVE-2024-26283

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...

CVE-2024-1563

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...

Race condition

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...

CVE-2024-26283

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...

CVE-2024-1563

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...

CVE-2024-1563

CVE-2024-1563 affects Mozilla Firefox for iOS Focus prior to version 122. The issue is a timeout race condition involving opening an external URL with a custom Firefox scheme, allowing an attacker to run unauthorized scripts on the top-origin page via a JavaScript URI. Connected documents confirm...

PT-2024-18134 · Mozilla +1 · Firefox +1

Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 122 Description: An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition...

Security Vulnerabilities fixed in Focus for iOS 122 — Mozilla

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition...

Security Vulnerabilities fixed in Firefox for iOS 123 — Mozilla

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. Upon scanning a JavaScri...