Mozilla Foundation Security Advisory 2025-39

Security Vulnerabilities fixed in Firefox for iOS 139

Announced
May 20, 2025
Impact
low
Products
Firefox for iOS
Fixed in
  • Firefox for iOS 139

#CVE-2025-5020: Links using non-HTTP schemes opened from other apps such as Safari could have allowed spoofing of website addresses

Reporter
James Lee
Impact
low
Description

Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client

References