3 matches found
CVE-2026-53899 Cross-origin cookies could be leaked when opening a PDF link
Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0...
CVE-2026-53899
CVE-2026-53899 affects Firefox for iOS. The issue arises from partial domain matching when attaching cookies to PDF requests, enabling a malicious site on a suffix domain to receive cookies belonging to the target site. The root cause is tied to how cookies were matched during PDF handling, leadi...
Security Vulnerabilities fixed in Firefox for iOS 152.0 — Mozilla
Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in...