Skip to main content

Firefox for iOS CVE-2026-14906

MEDIUM
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-07-13 mozilla
5.3
CVSS 3.1 · Vendor: mozilla
Share

Severity by source

Vendor (mozilla) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vuln.today AI
5.4 MEDIUM

User must actively save PDF (UI:R); overwrite affects integrity and availability within sandbox, not confidentiality.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (mozilla).

CVSS VectorVendor: mozilla

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 13, 2026 - 21:21 vuln.today
CVSS changed
Jul 13, 2026 - 20:22 NVD
5.3 (MEDIUM)
CVE Published
Jul 13, 2026 - 18:27 cve.org
MEDIUM 5.3
CVE Published
Jul 13, 2026 - 18:27 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4.

AnalysisAI

PDF save functionality in Firefox for iOS allows maliciously crafted page titles to manipulate the output file path, enabling overwrites of existing PDF files or bundled application content within the Firefox iOS sandbox. All versions prior to 152.4 on Apple iOS devices are affected. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker crafts page with malicious title
Delivery
Victim visits page in Firefox for iOS
Exploit
Victim initiates Save as PDF action
Execution
Unsanitized title resolves to traversal path
Impact
Target file overwritten within app sandbox

Vulnerability AssessmentAI

Exploitation Exploitation requires three specific conditions: (1) the victim must be running Firefox for iOS prior to version 152.4 on an Apple iOS device - desktop and Android versions are not affected; (2) the victim must actively use the 'Save as PDF' functionality on the attacker-controlled page, meaning passive browsing alone is insufficient; (3) the attacker must control the HTML page title, which is trivially satisfied for any attacker-operated web server. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS 3.1 score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) presents internal inconsistencies worth flagging: the description describes file overwriting - an integrity impact - yet the vector encodes I:N and C:L with no explanation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts a webpage containing a crafted HTML title tag with path traversal sequences or special characters (e.g., '../documents/target.pdf'). When an iOS user browsing with Firefox visits the page and uses the 'Save as PDF' share action, the unsanitized title is used to construct the output file path, causing the generated PDF to overwrite an existing file within the Firefox app sandbox rather than being saved at the expected location. …
Remediation Vendor-released patch: Firefox for iOS 152.4. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-14906 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy