Mozilla Foundation Security Advisory 2026-65
Security Vulnerabilities fixed in Firefox for iOS 152.3
- Announced
- July 5, 2026
- Impact
- moderate
- Products
- Firefox for iOS
- Fixed in
-
- Firefox for iOS 152.3
#CVE-2026-13356: Interrupted navigation could allow address bar origin spoofing in Firefox for iOS
- Reporter
- Azza Tegar Naufal Ataullah
- Impact
- moderate
Description
A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content.