Partial Domain Matching Vulnerability in Firefox for iOS by Mozilla
CVE-2026-53899

Currently unrated

Key Information:

Vendor

Mozilla

CVE Published:
16 June 2026

What is CVE-2026-53899?

Firefox for iOS has a vulnerability that arises from its use of partial domain matching when attaching cookies to PDF requests. The flaw allows a malicious site that is part of a suffix domain to leak cookies from the target site. The issue has been addressed in Firefox for iOS version 152.0, where cookie handling has been revised to prevent this unauthorized access.
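The difference between a partial match and the RFC 6265 (section 5.1.3) domain-match rule, as an added example that is not code from Firefox for iOS or from this advisory. It assumes the partial match is a plain string-suffix comparison; the function names, the cookie jar and the `.example` hosts are hypothetical and constructed for illustration.

```javascript
// Added example: cookie-to-request domain matching, loose vs. RFC 6265 sec. 5.1.3.
// All names are hypothetical; this is not Firefox for iOS code.

// Loose check (assumed shape of a "partial" match): string suffix, no label boundary.
function partialMatch(requestHost, cookieDomain) {
  return requestHost.toLowerCase().endsWith(cookieDomain.toLowerCase());
}

// Rough IP-literal test so suffix rules are never applied to addresses.
function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// RFC 6265 domain-match: identical, or suffix preceded by "." on a non-IP host.
// Host-only cookies (set without a Domain attribute) must match exactly.
function domainMatch(requestHost, cookieDomain, hostOnly = false) {
  const host = requestHost.toLowerCase().replace(/\.$/, "");
  const domain = cookieDomain.toLowerCase().replace(/^\./, "");
  if (host === domain) return true;
  if (hostOnly || isIpLiteral(host)) return false;
  return host.endsWith("." + domain);
}

// Names of the cookies a request to `requestHost` would carry under `matcher`.
function cookiesFor(requestHost, jar, matcher) {
  return jar.filter(c => matcher(requestHost, c.domain, c.hostOnly)).map(c => c.name);
}

// Constructed sample jar and request hosts (reserved .example names).
const jar = [
  { name: "session", domain: "shop.example", hostOnly: true },
  { name: "prefs", domain: "shop.example", hostOnly: false },
];
const hosts = ["shop.example", "pdf.shop.example", "notshop.example"];

// Compare both matchers for every sample host.
function report() {
  return hosts.map(h => ({
    host: h,
    loose: cookiesFor(h, jar, partialMatch),
    strict: cookiesFor(h, jar, domainMatch),
  }));
}

console.log(JSON.stringify(report(), null, 2));
```

A regression test for a cookie-attachment path can reuse the third host: a name that only shares a string suffix with the cookie domain must receive no cookies.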

Affected Version(s)

Firefox for iOS 152.0

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Muneaki Nishimura