CVSS: 9.8EPSS: %CPEs: 1EXPL: 0CVE-2025-54143
https://notcve.org/view.php?id=CVE-2025-54143
22 Jul 2025 — Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page •
CVSS: 5.8EPSS: %CPEs: 1EXPL: 0CVE-2025-54144
https://notcve.org/view.php?id=CVE-2025-54144
22 Jul 2025 — The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link •
CVSS: 7.1EPSS: %CPEs: 1EXPL: 0CVE-2025-54145
https://notcve.org/view.php?id=CVE-2025-54145
22 Jul 2025 — The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-5020
https://notcve.org/view.php?id=CVE-2025-5020
21 May 2025 — Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS < 139. • https://bugzilla.mozilla.org/show_bug.cgi?id=1951558 • CWE-939: Improper Authorization in Handler for Custom URL Scheme •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-27425
https://notcve.org/view.php?id=CVE-2025-27425
04 Mar 2025 — Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS < 136. • https://bugzilla.mozilla.org/show_bug.cgi?id=1941525 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27424
https://notcve.org/view.php?id=CVE-2025-27424
04 Mar 2025 — Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136. • https://bugzilla.mozilla.org/show_bug.cgi?id=1945392 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-27426
https://notcve.org/view.php?id=CVE-2025-27426
04 Mar 2025 — Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS < 136. • https://bugzilla.mozilla.org/show_bug.cgi?id=1933079 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23109
https://notcve.org/view.php?id=CVE-2025-23109
11 Jan 2025 — Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox for iOS < 134. • https://bugzilla.mozilla.org/show_bug.cgi?id=1419275 • CWE-346: Origin Validation Error •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23108
https://notcve.org/view.php?id=CVE-2025-23108
11 Jan 2025 — Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS < 134. • https://bugzilla.mozilla.org/show_bug.cgi?id=1933172 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53976
https://notcve.org/view.php?id=CVE-2024-53976
26 Nov 2024 — Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133. • https://bugzilla.mozilla.org/show_bug.cgi?id=1905749 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •