CVE-2025-14744

CWE-451 | 7 documents | 7 sources
Severity
6.5 MEDIUM
EPSS
0.0%
top 89.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 18

Description

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS < 144.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD | mozilla/firefox | < 144.0
CVEListV5 | mozilla/firefox_for_ios | unspecified | 144.0

🔴 Vulnerability Details

3
CVEList
Filename spoofing via Unicode Right-to-Left Override in Firefox for iOS | 2025-12-18
GHSA
GHSA-w3cw-f63h-9g34: Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into sav | 2025-12-18
OSV
CVE-2025-14744: Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into sav | 2025-12-18

📋 Vendor Advisories

2
Debian
CVE-2025-14744: firefox - Unicode RTLO characters could allow malicious websites to spoof filenames in the... | 2025
Mozilla
Mozilla Foundation Security Advisory 2025-97: CVE-2025-14744

🕵️ Threat Intelligence

1
Wiz
CVE-2025-14744 Impact, Exploitability, and Mitigation Steps | Wiz