CVE-2025-54144
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-19

Last updated on: 2026-04-13

Assigner: Mozilla Corporation

Description
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-19
Last Modified
2026-04-13
Generated
2026-05-07
AI Q&A
2025-08-19
EPSS Evaluated
2026-05-05
NVD
CVE-2025-54144
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mozilla firefox From 60.9.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Firefox for iOS versions before 141 involves the URL scheme used for searching text queries. It could allow attackers to trick users into clicking a link that opens arbitrary website URLs or internal pages, potentially leading to unintended navigation or exposure to malicious content.


How can this vulnerability impact me? :

If exploited, this vulnerability could lead to users being redirected to malicious websites or unintended internal pages without their consent, which may result in phishing attacks, exposure to harmful content, or unauthorized access to sensitive information.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart