CVE-2025-10290
BaseFortify
Publication date: 2025-09-16
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox_focus | From 60.9.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-451 | The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Focus for iOS versions before 143.0. When a user opens a link through the contextual (long-press) menu for certain URL schemes, the link fails to load properly but the toolbar UI does not refresh. An attacker who coerces a user into opening a link through the long-press menu can therefore spoof a website, misleading the user about the actual site they are visiting. [1]
How can this vulnerability impact me?
The vulnerability can impact users by allowing attackers to spoof websites, potentially tricking users into believing they are visiting a legitimate site when they are not. This can lead to phishing attacks or other forms of deception that compromise user trust and security. [1]
What immediate steps should I take to mitigate this vulnerability?
Update Focus for iOS to version 143.0 or later, as this version contains the fix for the vulnerability. [1]