CVE-2025-14744

CVE-2025-14744 concerns Unicode RTLO spoofing in Firefox for iOS prior to version 144.0. The issue allows a malicious website to render spoofed filenames in the downloads UI, potentially misleading users into saving files with an unintended file type. Affected product: Firefox for iOS

CVE-2025-14744 Filename spoofing via Unicode Right-to-Left Override in Firefox for iOS

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0...

CVE-2025-11713 Potential user-assisted code execution in “Copy as cURL” command

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and...

PT-2025-41906

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 144 Description A malicious webpage could create a fake address bar to deceive users when the address bar was hidden due to scrolling on Android devices. This occurred in response to a visibilitychange event...