Synchronous JavaScript Dialog Vulnerability in Firefox for iOS
CVE-2026-13356

Currently unrated

Key Information:

Vendor

Mozilla

Vendor
CVE Published:
6 July 2026

What is CVE-2026-13356?

A vulnerability in Firefox for iOS allows a malicious webpage to disrupt a user’s navigation by displaying a synchronous JavaScript dialog. This issue can manipulate the browser's UI to show the intended destination's origin in the address bar while simultaneously continuing to render content from the attacker’s domain. The exploit poses significant risks to the user’s experience and security, leading to possible phishing or other malicious activities. Mozilla has addressed this security concern in version 152.3 of Firefox for iOS.

Affected Version(s)

Firefox for iOS 152.3

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Azza Tegar Naufal Ataullah
.