CVE-2025-55033
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-19
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Description
Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox_focus | From 60.9.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves dragging JavaScript links to the URL bar in the Focus browser for iOS, which could be exploited to execute malicious scripts. This can lead to cross-site scripting (XSS) attacks.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow attackers to run malicious scripts within the Focus browser on iOS, potentially compromising user data, session information, or causing other harmful effects typical of XSS attacks.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70