Filename Spoofing Issue in Firefox for iOS
CVE-2025-14744

Currently unrated

Key Information:

Vendor

Mozilla
Status
Firefox For iOS
Vendor
CVE Published:
18 December 2025

What is CVE-2025-14744?

A security vulnerability has been identified in Firefox for iOS where Unicode Right-To-Left Override (RTLO) characters can be exploited. This allows malicious websites to manipulate filenames displayed in the downloads user interface, leading to potential user deception when saving files. Users may inadvertently save files under unexpected file types, posing a risk of executing harmful content. The affected versions of Firefox for iOS are prior to 144.0, necessitating an update to mitigate this risk.

Affected Version(s)

Firefox for iOS < 144.0

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1984683
https://www.mozilla.org/security/advisories/mfsa2025-97/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Azril
JSON
.
CVE-2025-14744 : Filename Spoofing Issue in Firefox for iOS