Home

Description

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS < 144.0.

PUBLISHED Reserved 2025-12-15 | Published 2025-12-18 | Updated 2025-12-18 | Assigner mozilla

Product status

Any version before 144.0
affected

Credits

Azril

References

bugzilla.mozilla.org/show_bug.cgi?id=1984683

www.mozilla.org/security/advisories/mfsa2025-97/

cve.org (CVE-2025-14744)

nvd.nist.gov (CVE-2025-14744)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.