Description
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link This vulnerability affects Firefox for iOS < 141.
Problem types
Internal Firefox open-text URL scheme allowed loading of arbitrary URLs
Product status
Credits
James Lee
References
bugzilla.mozilla.org/show_bug.cgi?id=1946062
www.mozilla.org/security/advisories/mfsa2025-60/
