CVE-2025-54144

CWE-601Open Redirect5 documents5 sources
Severity
5.4MEDIUM
EPSS
0.0%
top 91.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla Firefox FOR IOSMozilla Firefox
Timeline
PublishedAug 19

Description

The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link This vulnerability affects Firefox for iOS < 141.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

NVDmozilla/firefox< 141.0
CVEListV5mozilla/firefox_for_iosunspecified141

🔴Vulnerability Details

3
CVEList
CVE-2025-54144: The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pa2025-08-19
GHSA
GHSA-36p9-4jqp-qvg9: The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pa2025-08-19
OSV
CVE-2025-54144: The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pa2025-07-23

📋Vendor Advisories

1
Mozilla
Mozilla Foundation Security Advisory 2025-60: CVE-2025-54144
CVE-2025-54144 (MEDIUM CVSS 5.4) | The URL scheme used by Firefox to f | cvebase.io