Spoofing Risk in Focus for iOS Versions by Mozilla
CVE-2025-10290

6.5 MEDIUM

Key Information:

Vendor: Mozilla

CVE Published: 16 September 2025

What is CVE-2025-10290?

A vulnerability in the contextual menu feature of Focus for iOS causes the toolbar to render incorrectly when links are opened through specific URL schemes. When a user is misled into opening such a link via a long-press action, the toolbar may not reflect the current state correctly, which makes spoofing attacks possible. The issue affects versions of Focus for iOS prior to 143.0 and puts users at risk of accessing deceptive websites.

Affected Version(s)

Focus for iOS < 143.0

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Renwa