
CVSS: 5.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

16 Feb 2026 — Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability affects Firefox for iOS < 147.2.1. Malicious scripts that interrupt the loading of the new tab page could cause desynchronization between the address bar and the page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerabilit... • https://bugzilla.mozilla.org/show_bug.cgi?id=2012152 • CWE-451: User Interface (UI) Misrepresentation of Critical Information

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Dec 2025 — Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS < 144.0. Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0. • https://bugzilla.mozilla.org/show_bug.cgi?id=1984683 • CWE-451: User Interface (UI) Misrepresentation of Critical Information

CVSS: 5.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

21 May 2025 — Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client. This vulnerability was fixed in Firefox for iOS 139. Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client. This vulnerability affects Firefox f... • https://bugzilla.mozilla.org/show_bug.cgi?id=1951558 • CWE-939: Improper Authorization in Handler for Custom URL Scheme

CVSS: 5.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

04 Mar 2025 — Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability affects Firefox for iOS < 136. Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136. • https://bugzilla.mozilla.org/show_bug.cgi?id=1941525 • CWE-287: Improper Authentication

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

04 Mar 2025 — Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability affects Firefox for iOS < 136. Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability was fixed in Firefox for iOS 136. • https://bugzilla.mozilla.org/show_bug.cgi?id=1945392 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 5.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

04 Mar 2025 — Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability affects Firefox for iOS < 136. Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136. • https://bugzilla.mozilla.org/show_bug.cgi?id=1933079 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 6.5 • EPSS: 1% • CPEs: 2 • EXPL: 0

11 Jan 2025 — Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability affects Firefox for iOS < 134. Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability was fixed in Firefox for iOS 134. • https://bugzilla.mozilla.org/show_bug.cgi?id=1419275 • CWE-346: Origin Validation Error

CVSS: 4.3 • EPSS: 1% • CPEs: 2 • EXPL: 0

11 Jan 2025 — Opening JavaScript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS < 134. Opening JavaScript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability was fixed in Firefox for iOS 134. • https://bugzilla.mozilla.org/show_bug.cgi?id=1933172 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

26 Nov 2024 — Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133. • https://bugzilla.mozilla.org/show_bug.cgi?id=1905749 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

26 Nov 2024 — Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133. • https://bugzilla.mozilla.org/show_bug.cgi?id=1843467