cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-23109,https://securityvulnerability.io/vulnerability/CVE-2025-23109,Website Spoofing Vulnerability in Firefox for iOS,"This vulnerability allows malicious actors to exploit long hostnames within URLs, potentially disguising the true host of a website. By leveraging this technique, attackers can create deceptive links that may confuse users, leading them to believe they are engaging with legitimate websites when they are not. This issue specifically affects Firefox for iOS versions prior to 134, highlighting the need for users to ensure their software is up to date to mitigate the associated risks. Mozilla has released an advisory detailing this vulnerability and recommended updates.",Mozilla,Firefox For iOS,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-11T03:36:55.235Z,0
CVE-2025-23108,https://securityvulnerability.io/vulnerability/CVE-2025-23108,URL Spoofing Vulnerability in Firefox for iOS,"A security vulnerability in the Firefox for iOS browser allows malicious scripts to spoof the URL of new tabs when users open JavaScript links via long-press. This issue primarily affects versions of Firefox for iOS prior to version 134, potentially misleading users and exposing them to phishing attacks. Users are encouraged to update their browsers to the latest version to mitigate the risk associated with this vulnerability.",Mozilla,Firefox For iOS,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-11T03:36:53.989Z,0
CVE-2024-53976,https://securityvulnerability.io/vulnerability/CVE-2024-53976,Firefox for iOS Vulnerability Affects Address Visibility in Location URL Bar,"Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.",Mozilla,Firefox For iOS,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T13:34:07.977Z,0
CVE-2024-53975,https://securityvulnerability.io/vulnerability/CVE-2024-53975,Non-Existent Port Vulnerability in Firefox for iOS Prior to 133,"Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.",Mozilla,Firefox For iOS,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T13:34:07.725Z,0
CVE-2024-10004,https://securityvulnerability.io/vulnerability/CVE-2024-10004,Incorrect HTTPS Indicator in Firefox for iOS Prior to Version 131.2,Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly. This vulnerability affects Firefox for iOS < 131.2.,Mozilla,Firefox For iOS,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-15T21:29:01.383Z,0
CVE-2024-43111,https://securityvulnerability.io/vulnerability/CVE-2024-43111,Javascript Command Injection Vulnerability in Firefox for iOS,"A command injection vulnerability exists in Firefox for iOS prior to version 129, allowing attackers to exploit the application by long pressing on a download link, potentially executing arbitrary Javascript commands within the browser context. This poses a significant risk to user data and privacy, underlining the importance of updating to secure versions.",Mozilla,Firefox For iOS,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-06T16:15:00.000Z,0
CVE-2024-43112,https://securityvulnerability.io/vulnerability/CVE-2024-43112,Cross-Site Scripting Vulnerability in Firefox for iOS,"A vulnerability has been identified in Firefox for iOS that allows for potential cross-site scripting via a long press on a download link. This flaw could enable attackers to execute arbitrary scripts in the context of a user's session, potentially compromising sensitive information or altering web application behavior. Users of affected versions should be aware of this risk and consider applying available updates to enhance their security.",Mozilla,Firefox For iOS,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-06T16:15:00.000Z,0
CVE-2024-43113,https://securityvulnerability.io/vulnerability/CVE-2024-43113,Cross-Site Scripting Vulnerability in Firefox for iOS by Mozilla,"A cross-site scripting (XSS) vulnerability has been discovered in Firefox for iOS, where the contextual menu for links may allow malicious actors to execute scripts in the context of the user's browser session. This could result in the manipulation of web content or unauthorized actions performed on behalf of the user. Affected users running versions of Firefox for iOS below 129 should update to the latest version to mitigate any potential risks associated with this vulnerability.",Mozilla,Firefox For iOS,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-06T16:15:00.000Z,0
CVE-2024-38312,https://securityvulnerability.io/vulnerability/CVE-2024-38312,Private Tab Data Persistence Vulnerability Affects Firefox for iOS,"When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination. This vulnerability affects Firefox for iOS < 127.",Mozilla,Firefox For iOS,6.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-06-13T20:01:13.543Z,0
CVE-2024-38313,https://securityvulnerability.io/vulnerability/CVE-2024-38313,Fake Location URL Bar Vulnerability Affects Firefox for iOS,In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address. This vulnerability affects Firefox for iOS < 127.,Mozilla,Firefox For iOS,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-13T20:01:13.281Z,0
CVE-2024-31392,https://securityvulnerability.io/vulnerability/CVE-2024-31392,Mixed Content Security Issue in Firefox for iOS by Mozilla,"A mixed content security flaw has been identified in Firefox for iOS, which could result in the browser failing to properly update the security icon. If an insecure element is added to a web page after a brief delay, the expected secure icon may not switch to indicate a mixed content status. This issue affects versions of Firefox for iOS prior to 124. Users are recommended to remain vigilant while browsing and apply updates at their earliest convenience to ensure secure web interactions.",Mozilla,Firefox For iOS,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-03T16:15:00.000Z,0
CVE-2024-26281,https://securityvulnerability.io/vulnerability/CVE-2024-26281,Unauthorized Script Execution Vulnerability in Firefox for iOS,"Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS < 123.",Mozilla,Firefox For iOS,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-22T14:56:45.803Z,0
CVE-2024-26282,https://securityvulnerability.io/vulnerability/CVE-2024-26282,JavaScript Execution Vulnerability in Firefox for iOS,"Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS < 123.",Mozilla,Firefox For iOS,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-22T14:56:44.758Z,0
CVE-2024-26283,https://securityvulnerability.io/vulnerability/CVE-2024-26283,Unauthorized Script Execution Vulnerability in Firefox for iOS,An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS < 123.,Mozilla,Firefox For iOS,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-22T14:56:43.860Z,0
CVE-2024-0953,https://securityvulnerability.io/vulnerability/CVE-2024-0953,QR Code Scanner May Direct Users to Unwanted Content Without Prompt,"When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129.",Mozilla,Firefox For iOS,6.1,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-02-05T16:48:33.899Z,0
CVE-2023-49061,https://securityvulnerability.io/vulnerability/CVE-2023-49061,HTML Template Injection Vulnerability in Firefox for iOS by Mozilla,"A vulnerability has been identified in Firefox for iOS that allows an attacker to exploit HTML template injection through Reader Mode. This can lead to unauthorized access to user information, potentially compromising sensitive data. Users of Firefox for iOS versions prior to 120 are particularly at risk. Ensuring your browser is updated is recommended to mitigate exposure to this security issue.",Mozilla,Firefox for iOS,6.1,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-11-21T15:15:00.000Z,0
CVE-2023-49060,https://securityvulnerability.io/vulnerability/CVE-2023-49060,Security Flaw in Firefox for iOS Exposes Internal Data via Referrer Policy,"A flaw has been identified in Firefox for iOS that enables attackers to potentially exfiltrate sensitive internal data by exploiting the `referrerpolicy` attribute to gain access to a security key. This vulnerability impacts versions prior to 120 and poses a risk of unauthorized access to internal pages, emphasizing the need for users to update to secure versions to mitigate potential threats.",Mozilla,Firefox for iOS,9.8,CRITICAL,0.0013200000394135714,false,,false,false,false,,,false,false,,2023-11-21T15:15:00.000Z,0
CVE-2023-5758,https://securityvulnerability.io/vulnerability/CVE-2023-5758,Reflected Cross-Site Scripting in Firefox for iOS by Mozilla,"A reflected Cross-Site Scripting (XSS) vulnerability exists in Firefox for iOS when users open a page in reader mode. An attacker may exploit this flaw by manipulating the redirect URL, leading to the execution of attacker-controlled scripts in the context of the user's browser session. This poses a significant risk for users who visit maliciously crafted pages, potentially exposing sensitive information or allowing further attacks.",Mozilla,Firefox for iOS,6.1,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0
CVE-2023-37456,https://securityvulnerability.io/vulnerability/CVE-2023-37456,Session Restore Helper Crash in Firefox for iOS by Mozilla,"A vulnerability in Firefox for iOS allows the session restore helper to crash when no parameter is sent to the message handler, disrupting user sessions. This issue affects versions earlier than 115, potentially compromising user experience and stability. Users should ensure their applications are updated to mitigate any associated risks.",Mozilla,Firefox For iOS,6.5,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2023-07-12T14:15:00.000Z,0
CVE-2023-37455,https://securityvulnerability.io/vulnerability/CVE-2023-37455,Permission Request Prompt Overlay Vulnerability in Firefox for iOS,"A vulnerability exists in Firefox for iOS that allows for a permission request prompt to be displayed over an existing website in a different tab. This may confuse users as they could mistakenly believe they are interacting with the site in the foreground, leading to potential security risks. Affected versions include Firefox for iOS prior to version 115, highlighting the importance of keeping software updated to mitigate such risks.",Mozilla,Firefox For iOS,5.4,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-07-12T14:15:00.000Z,0
CVE-2019-17003,https://securityvulnerability.io/vulnerability/CVE-2019-17003,JavaScript Execution Vulnerability in Mozilla Products,"A vulnerability in Mozilla Firefox allows for the execution of JavaScript when scanning a QR code containing a javascript: URL. This could potentially enable attackers to run malicious scripts, compromising user data or altering browser behavior. Users are recommended to update to the latest version to mitigate the risk associated with this issue.",Mozilla,Firefox For iOS,6.1,MEDIUM,0.0009500000160187483,false,,false,false,false,,,false,false,,2023-02-16T00:00:00.000Z,0
CVE-2022-1887,https://securityvulnerability.io/vulnerability/CVE-2022-1887,SQL Injection Vulnerability in Firefox for iOS by Mozilla,"An external search term can be manipulated to execute SQL injection attacks, potentially compromising the application's data integrity. This vulnerability impacts versions of Firefox for iOS prior to 101, highlighting the need for users to upgrade to the latest version to protect against these types of threats.",Mozilla,Firefox For iOS,9.8,CRITICAL,0.0015699999639764428,false,,false,false,false,,,false,false,,2022-12-22T00:00:00.000Z,0
CVE-2022-31746,https://securityvulnerability.io/vulnerability/CVE-2022-31746,Internal URL Exposure in Firefox for iOS by Mozilla,"This vulnerability allows internal URLs to be unintentionally exposed through the Referrer header due to the improper protection of a secret UUID key. As a result, the UUID can be revealed in certain web page contexts, compromising the security of such internal resources. This issue specifically affects versions of Firefox for iOS prior to 102, and users may be at risk if their web requests inadvertently disclose sensitive information.",Mozilla,Firefox For iOS,6.5,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2022-12-22T00:00:00.000Z,0
CVE-2021-29958,https://securityvulnerability.io/vulnerability/CVE-2021-29958,,"When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS < 34.",Mozilla,Firefox For Ios,4.3,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2021-06-24T13:16:48.000Z,0
CVE-2020-15651,https://securityvulnerability.io/vulnerability/CVE-2020-15651,,A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28.,Mozilla,Firefox For iOS,4.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2020-08-10T17:43:24.000Z,0