CVE-2025-10859

MEDIUM

Firefox for iOS < 143.1 - Info Disclosure

Title source: llm

Description

Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability was fixed in Firefox for iOS 143.1.

References (2)

[Issue Tracking, Permissions Required] https://bugzilla.mozilla.org/show_bug.cgi?id=1684624

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2025-79/

Scores

CVSS v3 4.0

EPSS 0.0002

EPSS Percentile 4.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-359

Status published

Products (2)

mozilla/firefox < 143.1.0

Mozilla/Firefox for iOS 143.1

Published Sep 30, 2025

Tracked Since Feb 18, 2026