Server-Side Redirect Vulnerability in Firefox for iOS
CVE-2025-27426

5.4MEDIUM

Key Information:

Vendor

Mozilla
Status
Firefox For iOS
Vendor
CVE Published:
4 March 2025

What is CVE-2025-27426?

A vulnerability exists in Firefox for iOS that allows malicious websites to exploit server-side redirects. This exploitation can lead to a spoofed URL, potentially misleading users into interacting with fraudulent pages. Users of Firefox for iOS versions prior to 136 are particularly at risk, as this flaw undermines the integrity of web navigation by redirecting users to internal error pages that masquerade as legitimate URLs.

Affected Version(s)

Firefox for iOS < 136

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1933079
https://www.mozilla.org/security/advisories/mfsa2025-13/

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Renwa
.
CVE-2025-27426 : Server-Side Redirect Vulnerability in Firefox for iOS