CVE-2025-55032 | THREATINT

Description

Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus for iOS < 142.

PUBLISHED Reserved 2025-08-05 | Published 2025-08-19 | Updated 2025-08-20 | Assigner mozilla

Problem types

Focus incorrectly ignores Content-Disposition headers for some MIME types

Product status

Any version before 142

affected

Credits

Renwa

References

bugzilla.mozilla.org/show_bug.cgi?id=1976296

www.mozilla.org/security/advisories/mfsa2025-69/

cve.org (CVE-2025-55032)

nvd.nist.gov (CVE-2025-55032)

Download JSON