Server-Side Redirect Vulnerability in Firefox for iOS
CVE-2025-27426

5.4 MEDIUM

Key Information:

Vendor: Mozilla
CVE Published: 4 March 2025

Summary

A vulnerability exists in Firefox for iOS that allows malicious websites to exploit server-side redirects. This exploitation can lead to a spoofed URL, potentially misleading users into interacting with fraudulent pages. Users of Firefox for iOS versions prior to 136 are particularly at risk, as this flaw undermines the integrity of web navigation by redirecting users to internal error pages that masquerade as legitimate URLs.

Affected Version(s)

Firefox for iOS < 136

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Renwa