CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 Jan 2025 — Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability affects Firefox for iOS < 134. • https://bugzilla.mozilla.org/show_bug.cgi?id=1419275 • CWE-346: Origin Validation Error

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 Jan 2025 — Opening JavaScript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS < 134. • https://bugzilla.mozilla.org/show_bug.cgi?id=1933172 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

26 Nov 2024 — Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133. • https://bugzilla.mozilla.org/show_bug.cgi?id=1905749 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

26 Nov 2024 — Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to misleadingly appear secure. This vulnerability affects Firefox for iOS < 133. • https://bugzilla.mozilla.org/show_bug.cgi?id=1843467

CVSS: 9.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

29 Oct 2024 — Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks. This vulnerability affects Focus for iOS < 132. • https://bugzilla.mozilla.org/show_bug.cgi?id=1863832

CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

15 Oct 2024 — Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly. This vulnerability affects Firefox for iOS < 131.2. • https://bugzilla.mozilla.org/show_bug.cgi?id=1904885 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 5.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

03 Sep 2024 — Websites could utilize JavaScript links to spoof URL addresses in the Focus navigation bar. This vulnerability affects Focus for iOS < 130. • https://bugzilla.mozilla.org/show_bug.cgi?id=1863838

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

06 Aug 2024 — Long pressing on a download link could potentially allow JavaScript commands to be executed within the browser. This vulnerability affects Firefox for iOS < 129. • https://bugzilla.mozilla.org/show_bug.cgi?id=1874907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

06 Aug 2024 — The contextual menu for links could provide an opportunity for cross-site scripting attacks. This vulnerability affects Firefox for iOS < 129. • https://bugzilla.mozilla.org/show_bug.cgi?id=1874964

CVSS: 6.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

06 Aug 2024 — Long pressing on a download link could potentially provide a means for cross-site scripting. This vulnerability affects Firefox for iOS < 129. • https://bugzilla.mozilla.org/show_bug.cgi?id=1874910