Filename Spoofing Issue in Firefox for iOS
CVE-2025-14744

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox For iOS
Vendor: CVE Published:; 18 December 2025

What is CVE-2025-14744?

A security vulnerability has been identified in Firefox for iOS where Unicode Right-To-Left Override (RTLO) characters can be exploited. This allows malicious websites to manipulate filenames displayed in the downloads user interface, leading to potential user deception when saving files. Users may inadvertently save files under unexpected file types, posing a risk of executing harmful content. The affected versions of Firefox for iOS are prior to 144.0, necessitating an update to mitigate this risk.

Affected Version(s)

Firefox for iOS < 144.0

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1984683

https://www.mozilla.org/security/advisories/mfsa2025-97/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Dec 15, 2025

Credit

Azril

JSON

Mozilla

What is CVE-2025-14744?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit