Synchronous JavaScript Dialog Vulnerability in Firefox for iOS
CVE-2026-13356
Currently unrated
What is CVE-2026-13356?
A vulnerability in Firefox for iOS allows a malicious webpage to disrupt a user’s navigation by displaying a synchronous JavaScript dialog. This issue can manipulate the browser's UI to show the intended destination's origin in the address bar while simultaneously continuing to render content from the attacker’s domain. The exploit poses significant risks to the user’s experience and security, leading to possible phishing or other malicious activities. Mozilla has addressed this security concern in version 152.3 of Firefox for iOS.
Affected Version(s)
Firefox for iOS 152.3