CVE-2025-23108

CVE-2025-23108: Firefox Mobile iOS Full Address Bar Spoof Using Open in New Tab and Javascript URI

Published January 11, 2025
Last update May 20, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability was fixed in Firefox for iOS 134.

Key dates

Disclosure timeline

January 11, 2025 CVE published
May 20, 2026 Record updated