Skip to main content

Firefox For Ios

4 CVEs product

Monthly

CVE-2026-14906 MEDIUM This Month

PDF save functionality in Firefox for iOS allows maliciously crafted page titles to manipulate the output file path, enabling overwrites of existing PDF files or bundled application content within the Firefox iOS sandbox. All versions prior to 152.4 on Apple iOS devices are affected. An attacker operating a malicious website can lure a user into saving a page as PDF, causing the crafted title to resolve to an unintended file path within the app sandbox - potentially corrupting application state or stored documents. No public exploit has been identified at time of analysis, though SSVC classifies the vulnerability as automatable with partial technical impact.

Apple File Upload Mozilla Firefox For Ios
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-53900 MEDIUM This Month

Cookie injection in Firefox for iOS (all versions prior to 152.0) arises from the browser's TemporaryDocument PDF handling mechanism incorrectly preserving cookies from an initial PDF request across cross-origin HTTP redirects. This violates same-origin cookie isolation, enabling a malicious site to inject arbitrary cookies into requests directed at an unrelated target domain and potentially manipulate session or authentication state on that domain. No public exploit code has been identified and no CISA KEV listing exists; the CVSS vector (AV:N/AC:L/PR:N/UI:R) indicates low-complexity remote exploitability contingent on user interaction, and Mozilla has shipped a vendor-released patch in Firefox for iOS 152.0.

Mozilla Apple Code Injection Firefox For Ios
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-53899 MEDIUM This Month

Cookie leakage in Firefox for iOS prior to 152.0 allows an attacker-controlled suffix domain to intercept cookies intended for a target site during PDF request handling. The browser's PDF loading code path applied partial rather than exact-origin domain matching when deciding which cookies to attach, meaning a domain such as 'evilbank.com' could satisfy a suffix match against 'bank.com' and receive that site's cookies. No active exploitation is confirmed, but the SSVC framework rates this as automatable with partial technical impact, making it a credible session-hijacking vector for users on unpatched versions.

Mozilla Apple Information Disclosure Firefox For Ios
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-9078 MEDIUM This Month

Firefox for iOS misrepresents attacker-controlled domains as trusted origins through improper rendering of right-to-left Unicode characters and internationalized domain names (IDNs) in the link preview UI surface, enabling a spoofing/phishing attack against users on any iOS version prior to 151.1. The CVSS vector (PR:N/UI:R) indicates unauthenticated network-reachable exploitation contingent on user interaction with a crafted link. EPSS at the 5th percentile and SSVC exploitation status of 'none' confirm no active exploitation or public exploit code has been identified at time of analysis, positioning this as a targeted phishing risk rather than a broad automated threat.

Apple Information Disclosure Mozilla Firefox For Ios
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM This Month

PDF save functionality in Firefox for iOS allows maliciously crafted page titles to manipulate the output file path, enabling overwrites of existing PDF files or bundled application content within the Firefox iOS sandbox. All versions prior to 152.4 on Apple iOS devices are affected. An attacker operating a malicious website can lure a user into saving a page as PDF, causing the crafted title to resolve to an unintended file path within the app sandbox - potentially corrupting application state or stored documents. No public exploit has been identified at time of analysis, though SSVC classifies the vulnerability as automatable with partial technical impact.

Apple File Upload Mozilla +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cookie injection in Firefox for iOS (all versions prior to 152.0) arises from the browser's TemporaryDocument PDF handling mechanism incorrectly preserving cookies from an initial PDF request across cross-origin HTTP redirects. This violates same-origin cookie isolation, enabling a malicious site to inject arbitrary cookies into requests directed at an unrelated target domain and potentially manipulate session or authentication state on that domain. No public exploit code has been identified and no CISA KEV listing exists; the CVSS vector (AV:N/AC:L/PR:N/UI:R) indicates low-complexity remote exploitability contingent on user interaction, and Mozilla has shipped a vendor-released patch in Firefox for iOS 152.0.

Mozilla Apple Code Injection +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Cookie leakage in Firefox for iOS prior to 152.0 allows an attacker-controlled suffix domain to intercept cookies intended for a target site during PDF request handling. The browser's PDF loading code path applied partial rather than exact-origin domain matching when deciding which cookies to attach, meaning a domain such as 'evilbank.com' could satisfy a suffix match against 'bank.com' and receive that site's cookies. No active exploitation is confirmed, but the SSVC framework rates this as automatable with partial technical impact, making it a credible session-hijacking vector for users on unpatched versions.

Mozilla Apple Information Disclosure +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Firefox for iOS misrepresents attacker-controlled domains as trusted origins through improper rendering of right-to-left Unicode characters and internationalized domain names (IDNs) in the link preview UI surface, enabling a spoofing/phishing attack against users on any iOS version prior to 151.1. The CVSS vector (PR:N/UI:R) indicates unauthenticated network-reachable exploitation contingent on user interaction with a crafted link. EPSS at the 5th percentile and SSVC exploitation status of 'none' confirm no active exploitation or public exploit code has been identified at time of analysis, positioning this as a targeted phishing risk rather than a broad automated threat.

Apple Information Disclosure Mozilla +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy