CVE-2025-12428

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

Mozilla Firefox for iOS Cross-Site Scripting Vulnerability (CNVD-2025-19567)

Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A cross-site scripting vulnerability exists in Mozilla Firefox for iOS prior to version 142, which stems from an improper handling of the Content-Disposition header and can be exploited by an...

Mozilla Focus for iOS cross-site scripting vulnerability (CNVD-2025-19558)

Mozilla Focus for iOS is a privacy browser from the US-based Mozilla Foundation designed for iOS devices. A cross-site scripting vulnerability exists in Mozilla Focus for iOS prior to version 142, which stems from an improper handling of the Content-Disposition header, and can be exploited by an...

CVE-2025-55032

Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability was fixed in Focus for iOS 142...

CVE-2025-9186

Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox 142...

CVE-2025-55030

Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks This vulnerability affects Firefox for iOS 142...

CVE-2025-55032 Focus incorrectly ignores Content-Disposition headers for some MIME types

Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability was fixed in Focus for iOS 142...