CVE-2025-54143

CWE-693 | 6 documents | 6 sources
Severity: 9.8 CRITICAL
EPSS: 0.1%, top 78.70%
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 19

Description

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability affects Firefox for iOS < 141.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD | mozilla/firefox | < 141.0
CVEListV5 | mozilla/firefox_for_ios | unspecified | 141

🔴 Vulnerability Details (3)

CVEList: CVE-2025-54143: Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page (2025-08-19)
GHSA: GHSA-x7hr-j7rg-h68w: Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page (2025-08-19)
OSV: CVE-2025-54143: Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page (2025-07-23)

📋 Vendor Advisories (1)

Mozilla: Mozilla Foundation Security Advisory 2025-60: CVE-2025-54143