CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-5020
https://notcve.org/view.php?id=CVE-2025-5020
21 May 2025 — Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS < 139. • https://bugzilla.mozilla.org/show_bug.cgi?id=1951558 • CWE-939: Improper Authorization in Handler for Custom URL Scheme •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-27425
https://notcve.org/view.php?id=CVE-2025-27425
04 Mar 2025 — Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS < 136. • https://bugzilla.mozilla.org/show_bug.cgi?id=1941525 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27424
https://notcve.org/view.php?id=CVE-2025-27424
04 Mar 2025 — Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136. • https://bugzilla.mozilla.org/show_bug.cgi?id=1945392 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-27426
https://notcve.org/view.php?id=CVE-2025-27426
04 Mar 2025 — Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS < 136. • https://bugzilla.mozilla.org/show_bug.cgi?id=1933079 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23109
https://notcve.org/view.php?id=CVE-2025-23109
11 Jan 2025 — Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox for iOS < 134. • https://bugzilla.mozilla.org/show_bug.cgi?id=1419275 • CWE-346: Origin Validation Error •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23108
https://notcve.org/view.php?id=CVE-2025-23108
11 Jan 2025 — Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS < 134. • https://bugzilla.mozilla.org/show_bug.cgi?id=1933172 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53976
https://notcve.org/view.php?id=CVE-2024-53976
26 Nov 2024 — Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133. • https://bugzilla.mozilla.org/show_bug.cgi?id=1905749 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53975
https://notcve.org/view.php?id=CVE-2024-53975
26 Nov 2024 — Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133. • https://bugzilla.mozilla.org/show_bug.cgi?id=1843467 •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10474
https://notcve.org/view.php?id=CVE-2024-10474
29 Oct 2024 — Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132. • https://bugzilla.mozilla.org/show_bug.cgi?id=1863832 • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10004
https://notcve.org/view.php?id=CVE-2024-10004
15 Oct 2024 — Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2. • https://bugzilla.mozilla.org/show_bug.cgi?id=1904885 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •