Arbitrary JavaScript Execution Vulnerability in Firefox for iOS
CVE-2026-9308

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox For iOS
Vendor: CVE Published:; 1 June 2026

What is CVE-2026-9308?

A security flaw in Firefox for iOS allowed a crafted web page to replace content in its Reader View, using placeholder strings that could be substituted with JSON-LD data. This could lead to arbitrary execution of JavaScript, potentially exposing users to security risks. It highlights the importance of securing web browsers against malicious scripts. The issue was addressed in Firefox for iOS version 151.2, underscoring the need for users to keep their applications updated to safeguard against such vulnerabilities.

Affected Version(s)

Firefox for iOS 151.2

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2039422

https://www.mozilla.org/security/advisories/mfsa2026-53/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
May 22, 2026

Credit

Muneaki Nishimura

CVE-2026-9308 Data

JSON

Mozilla

What is CVE-2026-9308?

Affected Version(s)

References

Timeline

Credit