14 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-29552

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00044
Exploits 0 · References 3

NVD
added 2025/09/16 1:15 p.m. · 2 views

CVE-2025-10290

Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press. This vulnerability was fixed in Focus for iOS...

CVSS 6.5 · EPSS 0.00044
Exploits 0 · References 2

ATTACKERKB
added 2025/09/16 12:26 p.m. · 1 view

CVE-2025-10290

Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press. This vulnerability was fixed in Focus for iOS...

CVSS 6.5 · AI score 5.8 · EPSS 0.00044
Exploits 0 · References 3

Mozilla
added 2025/09/16 12:0 a.m. · 4 views

Security Vulnerabilities fixed in Focus for iOS 143.0 — Mozilla

Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press...

CVSS 6.5 · AI score 6.8 · EPSS 0.00044
Exploits 0 · References 1 · Affected Software 1

RedhatCVE
added 2025/08/21 9:23 p.m. · 3 views

CVE-2025-55033

Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142...

CVSS 6.1 · AI score 5.8 · EPSS 0.00046
Exploits 0 · References 1

NVD
added 2025/08/19 9:15 p.m. · 2 views

CVE-2025-55031

Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability was fixed...

CVSS 9.8 · EPSS 0.00121
Exploits 0 · References 4

Positive Technologies
added 2025/08/19 12:0 a.m. · 3 views

PT-2025-33876 · Mozilla · Focus For Ios +1

Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 142; Focus for iOS versions prior to 142. Description: Malicious pages could exploit Firefox for iOS to pass FIDO links to the operating system, triggering the hybrid passkey transport. An attacker within...

CVSS 9.8 · AI score 6.9 · EPSS 0.00121
Exploits 0 · References 8

Mozilla
added 2025/08/19 12:0 a.m. · 7 views

Security Vulnerabilities fixed in Focus for iOS 142 — Mozilla

Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS...

CVSS 9.8 · AI score 5.9 · EPSS 0.00121
Exploits 0 · References 4 · Affected Software 1

Snyk
added 2025/04/30 4:43 p.m. · 3 views

User Interface (UI) Misrepresentation of Critical Information

Overview: mozilla-mobile/firefox-ios is the source code and project files for the Firefox Focus application on the iOS platform. Affected versions of this package are vulnerable to User Interface (UI) Misrepresentation of Critical Information due to the truncating behavior in the location view. An...

CVSS 8.5 · AI score 6.5 · EPSS 0.00156
Exploits 0 · References 2

CNVD
added 2024/09/05 12:0 a.m. · 7 views

Mozilla Focus for iOS Spoofing Vulnerability (CNVD-2024-40517)

Mozilla Focus is a browser for iOS devices from the Mozilla Foundation. Mozilla Focus for iOS is vulnerable to a spoofing vulnerability caused by an error related to the use of Javascript links. An attacker can exploit this vulnerability to spoof URL addresses in the Focus navigation bar...

CVSS 4.7 · AI score 6.3 · EPSS 0.00222
Exploits 0 · References 1

OSV
added 2024/09/03 8:15 p.m. · 0 views

CVE-2024-8399

Websites could utilize JavaScript links to spoof URL addresses in the Focus navigation bar. This vulnerability affects Focus for iOS 130...

CVSS 4.7 · AI score 5.8 · EPSS 0.00222
Exploits 0 · References 2

OSV
added 2024/02/22 3:15 p.m. · 4 views

CVE-2024-1563

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...

CVSS 8.1 · AI score 6.3
Exploits 0 · References 2

Cvelist
added 2024/01/22 6:23 p.m. · 18 views

CVE-2024-0605

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affec...

AI score 7.7 · EPSS 0.00036
Exploits 0 · References 2

Positive Technologies
added 2024/01/22 12:0 a.m. · 2 views

PT-2024-15683 · Facebook · Focus

Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 122. Description: The issue allows an attacker to execute unauthorized scripts on top origin sites in the urlbar by using a javascript: URI with a setTimeout race condition. This bypasses security measures,...

CVSS 7.5 · AI score 7.7 · EPSS 0.00036
Exploits 0 · References 6