Mozilla Foundation Security Advisory 2025-06

Security Vulnerabilities fixed in Firefox for iOS 134

Announced

January 10, 2025

Impact

moderate

Products

Firefox for iOS

Fixed in

Firefox for iOS 134

#CVE-2025-23108: Firefox Mobile iOS Full Address Bar Spoof Using Open in New Tab and Javascript URI

Reporter: Renwa
Impact: moderate

Description

Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab.

References

Bug 1933172

#CVE-2025-23109: Address bar spoofing on iOS using long hostnames

Reporter: Khalil Zhani
Impact: moderate

Description

Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address

References

Bug 1419275

Firefox for Desktop

Firefox for iOS

Firefox for Android

Firefox Focus

Firefox blog

Mozilla VPN

Mozilla Monitor

Firefox Relay

Pocket

MDN Plus

Fakespot

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Innovation Projects

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising

Mozilla Foundation Security Advisory 2025-06

Security Vulnerabilities fixed in Firefox for iOS 134

#CVE-2025-23108: Firefox Mobile iOS Full Address Bar Spoof Using Open in New Tab and Javascript URI

Description

References

#CVE-2025-23109: Address bar spoofing on iOS using long hostnames

Description

References