CVE-2025-10290 — User Interface (UI) Misrepresentation of Critical Information in Mozilla Firefox Focus

CWE-451 — User Interface (UI) Misrepresentation of Critical Information4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 92.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox Focus
Timeline
PublishedSep 16

Description

Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press. This vulnerability was fixed in Focus for iOS 143.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

â–¶NVDmozilla/firefox_focus< 143.0

🔴Vulnerability Details

2
GHSA
GHSA-hjm2-5w4g-m8j2: Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing at↗2025-09-16
â–¶
CVEList
Opening links via the contextual menu in Focus for iOS would not update the toolbar UI correctly, allowing attackers to spoof websites↗2025-09-16
â–¶

📋Vendor Advisories

1
Mozilla
Mozilla Foundation Security Advisory 2025-76: CVE-2025-10290↗
â–¶
CVE-2025-10290 — Mozilla Firefox Focus vulnerability | cvebase