CVE-2025-55030

CWE-6404 documents4 sources
Severity
6.1MEDIUM
EPSS
0.0%
top 91.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla Firefox FOR IOSMozilla Firefox
Timeline
PublishedAug 19

Description

Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks This vulnerability affects Firefox for iOS < 142.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDmozilla/firefox< 142.0
CVEListV5mozilla/firefox_for_iosunspecified142

🔴Vulnerability Details

2
CVEList
Content-Disposition headers incorrectly ignored for some MIME types2025-08-19
GHSA
GHSA-jhw6-rcq8-2vxj: Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloa2025-08-19

📋Vendor Advisories

1
Mozilla
Mozilla Foundation Security Advisory 2025-68: CVE-2025-55030
CVE-2025-55030 (MEDIUM CVSS 6.1) | Firefox for iOS would not respect a | cvebase.io