Mozilla Foundation Security Advisory 2025-39

Security Vulnerabilities fixed in Firefox for iOS 139

Announced

May 20, 2025

Impact

low

Products

Firefox for iOS

Fixed in

Firefox for iOS 139

#CVE-2025-5020: Links using non-HTTP schemes opened from other apps such as Safari could have allowed spoofing of website addresses

Reporter: James Lee
Impact: low

Description

Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client

References

Bug 1951558

Firefox for Desktop

Firefox for iOS

Firefox for Android

Firefox Focus

Firefox blog

Mozilla VPN

Mozilla Monitor

Firefox Relay

Pocket

MDN Plus

Fakespot

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising

Mozilla Builders

Mozilla New Products