Sandboxed Iframe Download Bypass in Firefox for iOS
CVE-2025-54143

9.8CRITICAL

Key Information:

Vendor: Mozilla
Status: Firefox For iOS
Vendor: CVE Published:; 19 August 2025

What is CVE-2025-54143?

A vulnerability exists in Firefox for iOS where sandboxed iframes fail to enforce proper restrictions, permitting unauthorized file downloads to the device. This flaw compromises user security by allowing actions that should be contained within the confines of the sandboxed environment, leading to potential data exposure. The affected versions are those prior to 141, emphasizing the importance of users updating their applications to mitigate this risk.

Affected Version(s)

Firefox for iOS < 141

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1912671

https://www.mozilla.org/security/advisories/mfsa2025-60/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 19, 2025
Vulnerability Reserved
Jul 17, 2025

Credit

Narendra Bhati

Mozilla

What is CVE-2025-54143?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit