Website Spoofing Vulnerability in Firefox for iOS
CVE-2025-23109

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox For iOS
Vendor: CVE Published:; 11 January 2025

What is CVE-2025-23109?

This vulnerability allows malicious actors to exploit long hostnames within URLs, potentially disguising the true host of a website. By leveraging this technique, attackers can create deceptive links that may confuse users, leading them to believe they are engaging with legitimate websites when they are not. This issue specifically affects Firefox for iOS versions prior to 134, highlighting the need for users to ensure their software is up to date to mitigate the associated risks. Mozilla has released an advisory detailing this vulnerability and recommended updates.

Affected Version(s)

Firefox for iOS 134

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1419275

https://www.mozilla.org/security/advisories/mfsa2025-06/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 11, 2025
Vulnerability Reserved
Jan 10, 2025

Credit

Khalil Zhani

CVE-2025-23109 Data

JSON