Skip to main content

Firefox for iOS CVE-2026-53899

| EUVDEUVD-2026-37077 MEDIUM
Insufficient Verification of Data Authenticity (CWE-345)
2026-06-16 mozilla GHSA-848m-8qg2-wmrv
6.5
CVSS 3.1 · Vendor: mozilla
Share

Severity by source

Vendor (mozilla) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
vuln.today AI
5.4 MEDIUM

UI:R assigned because the victim must navigate to or load content from the attacker-controlled suffix domain to trigger the PDF cookie-leak path.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (mozilla).

CVSS VectorVendor: mozilla

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jun 16, 2026 - 17:26 vuln.today
CVSS changed
Jun 16, 2026 - 17:22 NVD
6.5 (None) 6.5 (MEDIUM)
CVE Published
Jun 16, 2026 - 11:53 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 16, 2026 - 11:53 cve.org
MEDIUM 6.5

DescriptionCVE.org

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0.

AnalysisAI

Cookie leakage in Firefox for iOS prior to 152.0 allows an attacker-controlled suffix domain to intercept cookies intended for a target site during PDF request handling. The browser's PDF loading code path applied partial rather than exact-origin domain matching when deciding which cookies to attach, meaning a domain such as 'evilbank.com' could satisfy a suffix match against 'bank.com' and receive that site's cookies. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker registers suffix-matching domain
Delivery
Hosts page with auto-loading PDF resource
Exploit
Victim with active target-site cookies loads attacker page in Firefox for iOS
Execution
PDF fetch incorrectly attaches target-domain cookies
Persist
Attacker server captures session cookies
Impact
Attacker replays cookies to impersonate victim on target site

Vulnerability AssessmentAI

Exploitation Exploitation requires three concurrent conditions: (1) the victim must be using Firefox for iOS at a version prior to 152.0; (2) the victim's browser session must contain cookies for the target domain at the time the PDF request is triggered; and (3) the attacker must control a domain that satisfies a suffix string match against the target domain and must be able to cause the victim's browser to initiate a PDF resource request - most plausibly via an embedded PDF object or iframe on a page the victim visits. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) characterizes this as a medium-severity, remotely exploitable, low-complexity flaw with no privilege or user-interaction requirement. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers a domain that is a string suffix of the target site's domain (e.g., targeting users of 'payments.example.com' by registering 'ments.example.com' or a lookalike). The attacker hosts a page containing an auto-loading PDF iframe or redirect that causes the victim's Firefox for iOS browser - in a session where the victim holds valid cookies for the target domain - to make a PDF fetch request. …
Remediation The primary remediation is to update Firefox for iOS to version 152.0 or later, available through the Apple App Store. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53899 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy