CVE-2025-55030 | THREATINT

Description

Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks This vulnerability affects Firefox for iOS < 142.

PUBLISHED Reserved 2025-08-05 | Published 2025-08-19 | Updated 2025-08-20 | Assigner mozilla

Problem types

Content-Disposition headers incorrectly ignored for some MIME types

Product status

Any version before 142

affected

Credits

Renwa

References

bugzilla.mozilla.org/show_bug.cgi?id=1976304

www.mozilla.org/security/advisories/mfsa2025-68/

cve.org (CVE-2025-55030)

nvd.nist.gov (CVE-2025-55030)

Download JSON