Apple
CVE-2026-2634
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability affects Firefox for iOS < 147.4.
Analysis (AI)
Address bar spoofing in Firefox before 148 allows malicious scripts to desynchronize the displayed URL from actual web content before receiving a response, enabling phishing attacks.
Vulnerability Assessment (AI)
| Exploitation | No special conditions: remote unauthenticated exploitation against Firefox for iOS versions before 147.4. … |
| Risk Assessment | CVSS 9.8. … |
| Exploit Scenario | An attacker crafts a page that triggers the desync, showing a bank URL in the address bar while displaying a phishing form that captures credentials. |
| Remediation | Update Firefox to 148 or later. |
Recommended Action (AI)
Within 24 hours: Issue security alert to all staff using Firefox iOS, advising against business-critical transactions on affected versions and recommending Chrome/Safari as temporary alternatives. …