CVE-2025-23108
published 2025-01-11CVE-2025-23108: Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This…
medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability was fixed in Firefox for iOS 134.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| mozilla | firefox | < 134.0 | 134.0 |
| mozilla | firefox | — | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
osv4.3MEDIUM
OSV
CVE-2025-23108: Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab
osv·2025-01-13·CVSS 4.3
CVE-2025-23108 [MEDIUM] CVE-2025-23108: Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab
Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS < 134.
GHSA
GHSA-v3v8-99w9-8c5h: Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab
ghsa_unreviewed·2025-01-11
CVE-2025-23108 [MEDIUM] CWE-79 GHSA-v3v8-99w9-8c5h: Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab
Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS < 134.
Debian
CVE-2025-23108: firefox - Opening Javascript links in a new tab via long-press in the Firefox iOS client c...
vendor_debian·2025·CVSS 4.3
CVE-2025-23108 [MEDIUM] CVE-2025-23108: firefox - Opening Javascript links in a new tab via long-press in the Firefox iOS client c...
Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS < 134.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2025-06: CVE-2025-23108
vendor_mozilla·CVSS 4.3
CVE-2025-23108 [MEDIUM] Mozilla Foundation Security Advisory 2025-06: CVE-2025-23108
Mozilla Foundation Security Advisory 2025-06
CVE: CVE-2025-23108
Product: Firefox for iOS
Impact: moderate
Fixed in: Firefox for iOS 134
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-01-11
Published