Improper Attachment Handling in Firefox for iOS by Mozilla
CVE-2025-55030

6.1MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox For iOS
Vendor: CVE Published:; 19 August 2025

What is CVE-2025-55030?

A vulnerability in Firefox for iOS allows the application to improperly handle the Content-Disposition header of 'Attachment' types, resulting in content being displayed inline instead of prompting a download. This flaw can facilitate XSS attacks, compromising user security. The issue impacts versions of Firefox for iOS prior to 142, making it important for users to update to the latest version to mitigate potential risks.

Affected Version(s)

Firefox for iOS < 142

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1976304

https://www.mozilla.org/security/advisories/mfsa2025-68/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 19, 2025
Vulnerability Reserved
Aug 5, 2025

Credit

Renwa