Website Spoofing Vulnerability in Firefox for iOS
CVE-2025-23109

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox For iOS
Vendor: CVE Published:; 11 January 2025

Summary

This vulnerability allows malicious actors to exploit long hostnames within URLs, potentially disguising the true host of a website. By leveraging this technique, attackers can create deceptive links that may confuse users, leading them to believe they are engaging with legitimate websites when they are not. This issue specifically affects Firefox for iOS versions prior to 134, highlighting the need for users to ensure their software is up to date to mitigate the associated risks. Mozilla has released an advisory detailing this vulnerability and recommended updates.

Affected Version(s)

Firefox for iOS < 134

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1419275

https://www.mozilla.org/security/advisories/mfsa2025-06/

Timeline

Vulnerability published
Jan 11, 2025
Vulnerability Reserved
Jan 10, 2025

Credit

Khalil Zhani