Visual Reordering Vulnerability in Firefox for iOS by Mozilla
CVE-2026-9078

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox For iOS
Vendor: CVE Published:; 25 May 2026

What is CVE-2026-9078?

A vulnerability in Firefox for iOS allows specially crafted right-to-left (RTL) and internationalized domain names to display incorrectly in link previews. This flaw can lead to confusion, as attacker-controlled sites may appear to be legitimate, potentially deceiving users into clicking on malicious links. The issue has been addressed in version 151.1, enhancing user protection against manipulation of displayed domain names.

Affected Version(s)

Firefox for iOS 151.1

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2029371

https://www.mozilla.org/security/advisories/mfsa2026-52/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2026
Vulnerability Reserved
May 20, 2026

Credit

Barath Stalin K

CVE-2026-9078 Data

JSON