CVE-2026-14906
Awaiting Analysis
Awaiting Analysis - Queue
Malicious PDF Title Overwrite in Firefox for iOS
Vulnerability report for CVE-2026-14906, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-13
Last updated on: 2026-07-13
Assigner: Mozilla Corporation
Description
Description
Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox_for_ios | 152.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |