XSS Vulnerability in Focus for iOS by Mozilla
CVE-2025-55033

6.1MEDIUM

Key Information:

Vendor

Mozilla
Status
Focus For iOS
Vendor
CVE Published:
19 August 2025

What is CVE-2025-55033?

A Cross-Site Scripting (XSS) vulnerability has been identified in Focus for iOS that allows attackers to execute malicious JavaScript by dragging links to the URL bar. This exploit can potentially lead to unauthorized script execution and data compromise. Users running versions prior to 142 of Focus for iOS are encouraged to update to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

Focus for iOS < 142

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1913825
https://www.mozilla.org/security/advisories/mfsa2025-69/

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Muneaki Nishimura
.