CVE-2025-5020
MEDIUM
Firefox for iOS < 139 - URL Spoofing via Non-HTTP Scheme Handler
Title source: llm
Description
Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client. This vulnerability was fixed in Firefox for iOS 139.
References (2)
Core References
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1951558
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-39/
Scores
CVSS v3
4.3
EPSS
0.0018
EPSS Percentile
39.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-939
Status
published
Products (2)
mozilla/firefox
< 139.0
Mozilla/Firefox for iOS
139
Published
May 21, 2025
Tracked Since
Feb 18, 2026