XSS Vulnerability in Focus for iOS by Mozilla
CVE-2025-55032

6.1 MEDIUM

Key Information:

Vendor: Mozilla
CVE Published: 19 August 2025

What is CVE-2025-55032?

A cross-site scripting (XSS) vulnerability exists in Focus for iOS because the application fails to respect a Content-Disposition header of type attachment. Content that the server marked for download is instead displayed inline, which can allow attackers to carry out cross-site scripting attacks against unsuspecting users. The issue affects versions of Focus for iOS prior to 142, and users of those versions should give it immediate attention to safeguard against exploitation.

Affected Version(s)

Focus for iOS < 142

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Renwa