
cpe:2.3:a:mozilla:firefox_for_ios:*:*:*:*:*:*:*:*

Part: a
Version: *
Update: *
Vendor: Mozilla (be1b0d4e-21a7-5a25-9982-bbda6ef43ec1)
Product: Firefox For Ios (918cdec7-4acb-5bb8-a0d3-eecab3c4a35e)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpe Applicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2026-9309 not_vulnerable 2026-06-03 15:29:30.084729 Arbitrary JavaScript execution in internal pages via Reader View JSON-LD injection
Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScript execution in an internal origin. This vulnerability was fixed in Firefox for iOS 151.2.
Published: 2026-06-01T11:24:10.163Z
Updated: 2026-06-01T13:51:37.592Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-9308 not_vulnerable 2026-06-03 15:29:30.084513 Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order
Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was fixed in Firefox for iOS 151.2.
Published: 2026-06-01T11:24:09.708Z
Updated: 2026-06-01T13:52:59.059Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-9078 not_vulnerable 2026-06-03 15:29:29.993609 Firefox iOS RTL Domain Rendering Issue in Link Preview
Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This vulnerability was fixed in Firefox for iOS 151.1.
Published: 2026-05-25T14:05:47.780Z
Updated: 2026-05-26T20:09:11.212Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-8706 not_vulnerable 2026-06-03 15:29:29.605607 Sensitive user data could be leaked to other applications through Reader mode
Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0.
Published: 2026-05-19T14:27:38.483Z
Updated: 2026-05-19T17:12:23.626Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-2634 not_vulnerable 2026-06-03 15:19:24.662470 Spoofed web content presented under trusted domains using scripted navigation on Firefox iOS
Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4.
Published: 2026-02-24T13:33:24.725Z
Updated: 2026-04-13T13:53:52.498Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-2032 not_vulnerable 2026-06-03 15:19:23.336871 Interrupted page loads in new tabs could allow website spoofing under trusted domains in Firefox iOS
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1.
Published: 2026-02-16T14:13:23.899Z
Updated: 2026-04-14T15:09:28.604Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-5020 not_vulnerable 2026-06-03 15:06:26.762028 Links using non-HTTP schemes opened from other apps such as Safari could have allowed spoofing of website addresses
Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client. This vulnerability was fixed in Firefox for iOS 139.
Published: 2025-05-21T17:18:08.510Z
Updated: 2026-04-13T14:30:18.166Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-55031 not_vulnerable 2026-06-03 15:04:57.534658 Passkey phishing within Bluetooth range
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability was fixed in Firefox for iOS 142 and Focus for iOS 142.
Published: 2025-08-19T20:52:49.748Z
Updated: 2026-04-13T14:29:00.921Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-55030 not_vulnerable 2026-06-03 15:04:57.533840 Content-Disposition headers incorrectly ignored for some MIME types
Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks. This vulnerability was fixed in Firefox for iOS 142.
Published: 2025-08-19T20:52:48.953Z
Updated: 2026-04-13T14:31:50.247Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-55029 not_vulnerable 2026-06-03 15:04:57.533497 Malicious scripts could spam popups for denial of service attacks
Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulnerability was fixed in Firefox for iOS 142.
Published: 2025-08-19T20:52:50.120Z
Updated: 2026-04-13T14:31:53.669Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-55028 not_vulnerable 2026-06-03 15:04:57.533037 JavaScript alerts could impede UI interaction or allow denial of service attacks
Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks. This vulnerability was fixed in Firefox for iOS 142.
Published: 2025-08-19T20:52:49.372Z
Updated: 2026-04-13T14:31:51.918Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-54145 not_vulnerable 2026-06-03 15:04:55.058771 Scanning a malicious URL utilizing Firefox's open-text scheme with the QR code scanner could load arbitrary websites
The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. This vulnerability was fixed in Firefox for iOS 141.
Published: 2025-08-19T20:52:48.366Z
Updated: 2026-04-13T14:30:56.826Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-54144 not_vulnerable 2026-06-03 15:04:55.058341 Internal Firefox open-text URL scheme allowed loading of arbitrary URLs
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141.
Published: 2025-08-19T20:52:47.918Z
Updated: 2026-04-13T14:30:54.598Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-54143 not_vulnerable 2026-06-03 15:04:55.057105 Sandboxed iframes could allow local downloads despite sandbox restrictions
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141.
Published: 2025-08-19T20:52:47.450Z
Updated: 2026-04-13T14:30:52.883Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-27426 not_vulnerable 2026-06-03 15:00:12.431699 Firefox Mobile iOS Full Address Bar Spoof Using Server-Side Redirect to internal error page
Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136.
Published: 2025-03-04T13:31:27.827Z
Updated: 2026-04-13T14:29:03.195Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-27425 not_vulnerable 2026-06-03 15:00:12.431137 QR code user confirmation bypass with invalid protocol
Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136.
Published: 2025-03-04T13:31:28.658Z
Updated: 2026-04-13T14:29:06.595Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-27424 not_vulnerable 2026-06-03 15:00:12.428372 Firefox Mobile iOS Address Bar Spoof Using Server-Side Redirect to non-http Scheme
Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability was fixed in Firefox for iOS 136.
Published: 2025-03-04T13:31:28.256Z
Updated: 2026-04-13T14:29:04.860Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-23109 not_vulnerable 2026-06-03 14:59:41.952107 Address bar spoofing on iOS using long hostnames
Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability was fixed in Firefox for iOS 134.
Published: 2025-01-11T03:36:55.235Z
Updated: 2026-05-20T14:30:16.952Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-23108 not_vulnerable 2026-06-03 14:59:41.950669 Firefox Mobile iOS Full Address Bar Spoof Using Open in New Tab and Javascript URI
Opening JavaScript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability was fixed in Firefox for iOS 134.
Published: 2025-01-11T03:36:53.989Z
Updated: 2026-05-20T14:29:26.729Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-14744 not_vulnerable 2026-06-03 14:58:55.892424 Filename spoofing via Unicode Right-to-Left Override in Firefox for iOS
Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0.
Published: 2025-12-18T14:21:12.328Z
Updated: 2026-04-13T14:31:42.899Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-10859 not_vulnerable 2026-06-03 14:58:34.923756 Data stored in cookies for non-HTML content while browsing Incognito could be viewed after closing private tabs
Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability was fixed in Firefox for iOS 143.1.
Published: 2025-09-30T12:49:07.059Z
Updated: 2026-04-13T14:31:38.944Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-53976 vulnerable 2026-06-03 14:57:40.505581 Details available
Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.
Published: 2024-11-26T13:34:07.977Z
Updated: 2024-11-26T15:28:52.539Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-53975 vulnerable 2026-06-03 14:57:40.504163 Details available
Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.
Published: 2024-11-26T13:34:07.725Z
Updated: 2025-10-28T14:34:17.428Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-43113 vulnerable 2026-06-03 14:56:44.504697 Details available
The contextual menu for links could provide an opportunity for cross-site scripting attacks. This vulnerability affects Firefox for iOS < 129.
Published: 2024-08-06T15:55:13.829Z
Updated: 2025-03-24T16:25:58.379Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-43112 vulnerable 2026-06-03 14:56:44.504339 Details available
Long pressing on a download link could potentially provide a means for cross-site scripting. This vulnerability affects Firefox for iOS < 129.
Published: 2024-08-06T15:55:13.378Z
Updated: 2025-03-17T20:03:56.155Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-43111 vulnerable 2026-06-03 14:56:44.503267 Details available
Long pressing on a download link could potentially allow JavaScript commands to be executed within the browser. This vulnerability affects Firefox for iOS < 129.
Published: 2024-08-06T15:55:14.910Z
Updated: 2024-08-07T14:35:04.587Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-38313 vulnerable 2026-06-03 14:56:16.735350 Details available
In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address. This vulnerability affects Firefox for iOS < 127.
Published: 2024-06-13T20:01:13.281Z
Updated: 2025-03-14T15:50:21.911Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-38312 vulnerable 2026-06-03 14:56:16.734105 Details available
When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination. This vulnerability affects Firefox for iOS < 127.
Published: 2024-06-13T20:01:13.543Z
Updated: 2025-03-19T14:17:43.824Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-31393 vulnerable 2026-06-03 14:55:39.599632 Details available
Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS < 124.
Published: 2024-04-03T15:19:14.045Z
Updated: 2024-11-22T20:56:34.296Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-31392 vulnerable 2026-06-03 14:55:39.597903 Details available
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status. This vulnerability affects Firefox for iOS < 124.
Published: 2024-04-03T15:19:14.608Z
Updated: 2024-10-30T16:15:31.793Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-26283 vulnerable 2026-06-03 14:55:15.619773 Details available
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS < 123.
Published: 2024-02-22T14:56:43.860Z
Updated: 2024-08-29T13:55:40.992Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-26282 vulnerable 2026-06-03 14:55:15.617250 Details available
Using an AMP URL with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS < 123.
Published: 2024-02-22T14:56:44.758Z
Updated: 2025-03-13T16:15:11.466Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-26281 vulnerable 2026-06-03 14:55:15.616013 Details available
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS < 123.
Published: 2024-02-22T14:56:45.803Z
Updated: 2024-11-20T16:31:49.439Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-10004 vulnerable 2026-06-03 14:54:04.672064 Details available
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly. This vulnerability affects Firefox for iOS < 131.2.
Published: 2024-10-15T21:29:01.383Z
Updated: 2024-10-16T19:18:25.692Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0953 vulnerable 2026-06-03 14:54:04.559797 Details available
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129.
Published: 2024-02-05T16:48:33.899Z
Updated: 2024-10-27T22:12:29.342Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5758 vulnerable 2026-06-03 14:53:49.548656 Details available
When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119.
Published: 2023-10-24T20:11:15.306Z
Updated: 2025-06-12T15:00:36.041Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-49061 vulnerable 2026-06-03 14:53:20.056353 Details available
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.
Published: 2023-11-21T14:28:55.728Z
Updated: 2024-08-02T21:46:29.100Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-49060 vulnerable 2026-06-03 14:53:20.055134 Details available
An attacker could have accessed internal pages or data by exfiltrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120.
Published: 2023-11-21T14:28:55.428Z
Updated: 2024-08-02T21:46:28.962Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-37456 vulnerable 2026-06-03 14:52:28.895561 Details available
The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.
Published: 2023-07-12T13:46:28.648Z
Updated: 2024-11-07T16:46:15.963Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-37455 vulnerable 2026-06-03 14:52:28.894567 Details available
The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.
Published: 2023-07-12T13:46:07.164Z
Updated: 2024-11-07T15:04:41.964Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-31746 vulnerable 2026-06-03 14:47:20.056747 Details available
Internal URLs are protected by a secret UUID key, which could have been leaked to a web page through the Referrer header. This vulnerability affects Firefox for iOS < 102.
Published: 2022-12-22T00:00:00.000Z
Updated: 2025-04-15T18:24:39.294Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-1887 vulnerable 2026-06-03 14:45:59.761015 Details available
The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.
Published: 2022-12-22T00:00:00.000Z
Updated: 2025-04-16T15:14:33.764Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-29958 vulnerable 2026-06-03 14:44:20.970382 Details available
When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS < 34.
Published: 2021-06-24T13:16:48.000Z
Updated: 2024-08-03T22:18:03.205Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-6830 vulnerable 2026-06-03 14:42:59.162030 Details available
For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS < 25.
Published: 2020-05-26T17:06:52.000Z
Updated: 2024-08-04T09:11:05.047Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-15662 vulnerable 2026-06-03 14:41:46.176979 Details available
A rogue webpage could override the injected WKUserScript used by the download feature; this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS < 28.
Published: 2020-08-10T17:43:23.000Z
Updated: 2024-08-04T13:22:30.615Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-15661 vulnerable 2026-06-03 14:41:46.175724 Details available
A rogue webpage could override the injected WKUserScript used by the logins autofill; this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS < 28.
Published: 2020-08-10T17:43:23.000Z
Updated: 2024-08-04T13:22:30.630Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-15651 vulnerable 2026-06-03 14:41:46.164685 Details available
A Unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28.
Published: 2020-08-10T17:43:24.000Z
Updated: 2024-08-04T13:22:30.401Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-12414 vulnerable 2026-06-03 14:41:34.573331 Details available
IndexedDB should be cleared when leaving private browsing mode and it is not; the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27.
Published: 2020-07-09T14:56:06.000Z
Updated: 2024-08-04T11:56:51.933Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-12404 vulnerable 2026-06-03 14:41:34.569187 Details available
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26.
Published: 2020-07-09T14:44:16.000Z
Updated: 2024-08-04T11:56:51.728Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-17003 under_investigation 2026-06-03 14:39:55.673301 Details available
Scanning a QR code that contained a javascript: URL would have resulted in the JavaScript being executed.
Published: 2023-02-16T00:00:00.000Z
Updated: 2025-03-19T15:25:08.225Z
Imported from gcve-enriched-dumps CVE data
