Spoofing Risk in Focus for iOS Versions by Mozilla
CVE-2025-10290

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Focus For iOS
Vendor: CVE Published:; 16 September 2025

What is CVE-2025-10290?

A vulnerability in Focus for iOS permits potential attackers to exploit the contextual menu feature, leading to incorrect rendering of the toolbar when opening links through specific URL schemes. When users are misled into invoking links via a long-press action, the toolbar may not reflect the current state correctly, which enables the possibility of spoofing attacks. This issue affects versions of Focus for iOS prior to 143.0, putting users at risk of accessing deceptive websites.

Affected Version(s)

Focus for iOS < 143.0

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1975566

https://www.mozilla.org/security/advisories/mfsa2025-76/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Sep 11, 2025

Credit

Renwa

JSON