CVE-2025-55031 | THREATINT

Description

Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects Firefox for iOS < 142 and Focus for iOS < 142.

PUBLISHED Reserved 2025-08-05 | Published 2025-08-19 | Updated 2025-08-20 | Assigner mozilla

Problem types

Passkey phishing within Bluetooth range

Product status

Any version before 142

affected

Any version before 142

affected

Credits

Hafiizh

References

bugzilla.mozilla.org/show_bug.cgi?id=1979499

bugzilla.mozilla.org/show_bug.cgi?id=1979804

www.mozilla.org/security/advisories/mfsa2025-68/

www.mozilla.org/security/advisories/mfsa2025-69/

cve.org (CVE-2025-55031)

nvd.nist.gov (CVE-2025-55031)

Download JSON