Severity
High
Analysis Summary
CVE-2025-23109 CVSS:6.5
Mozilla Firefox for iOS could allow a remote attacker to conduct spoofing attacks, caused by an error when using long hostnames in URLs. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the address bar.
CVE-2025-23108 CVSS:6.5
Mozilla Firefox for iOS could allow a remote attacker to conduct spoofing attacks, caused by an error when opening JavaScript links in a new tab via long-press. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL of the new tab.
CVE-2025-0240 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by a compartment mismatch when parsing a JavaScript JSON module. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
Impact
- Security Bypass
- Gain Access
Indicators of Compromise
CVE
CVE-2025-23109
CVE-2025-23108
CVE-2025-0240
Affected Vendors
Affected Products
- Mozilla Firefox for iOS - 133
- Mozilla Firefox - 133.0
- Mozilla Firefox ESR - 128.5
Remediation
Upgrade to the latest version of Firefox, available from the Mozilla website.

