CVE-2025-10859

CWE-3595 documents5 sources
Severity
4.0MEDIUM
EPSS
0.0%
top 96.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla Firefox FOR IOSMozilla Firefox
Timeline
PublishedSep 30

Description

Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs This vulnerability affects Firefox for iOS < 143.1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages2 packages

NVDmozilla/firefox< 143.1.0
CVEListV5mozilla/firefox_for_iosunspecified143.1

🔴Vulnerability Details

2
GHSA
GHSA-q64v-9mh2-3xcq: Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to e2025-09-30
CVEList
Data stored in cookies for non-HTML content while browsing Incognito could be viewed after closing private tabs2025-09-30

📋Vendor Advisories

2
Debian
CVE-2025-10859: firefox - Cookie storage for non-HTML temporary documents was being shared incorrectly wit...2025
Mozilla
Mozilla Foundation Security Advisory 2025-79: CVE-2025-10859
CVE-2025-10859 (MEDIUM CVSS 4) | Cookie storage for non-HTML tempora | cvebase.io