CVE-2026-2634 | THREATINT

Description

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability affects Firefox for iOS < 147.4.

PUBLISHED Reserved 2026-02-17 | Published 2026-02-24 | Updated 2026-02-24 | Assigner mozilla

Product status

Any version before 147.4

affected

Credits

Renwa

References

bugzilla.mozilla.org/show_bug.cgi?id=1975529

www.mozilla.org/security/advisories/mfsa2026-12/

cve.org (CVE-2026-2634)

nvd.nist.gov (CVE-2026-2634)

Download JSON