Home

Description

Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS < 142.

PUBLISHED Reserved 2025-08-05 | Published 2025-08-19 | Updated 2025-08-20 | Assigner mozilla

Problem types

Drag and drop gestures in Focus for iOS could allow JavaScript links to be executed incorrectly

Product status

Any version before 142
affected

Credits

Muneaki Nishimura

References

bugzilla.mozilla.org/show_bug.cgi?id=1913825

www.mozilla.org/security/advisories/mfsa2025-69/

cve.org (CVE-2025-55033)

nvd.nist.gov (CVE-2025-55033)

Download JSON