CVE-2025-55032

CWE-601 — Open Redirect4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.0%

top 91.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Focus FOR IOS Mozilla Firefox Focus

Timeline

PublishedAug 19

Description

Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus for iOS < 142.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5mozilla/focus_for_iosunspecified — 142

▶NVDmozilla/firefox_focus< 142.0

🔴Vulnerability Details

CVEList

Focus incorrectly ignores Content-Disposition headers for some MIME types↗2025-08-19

▶

GHSA

GHSA-4cqw-2v9h-hfqw: Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing↗2025-08-19

▶

📋Vendor Advisories

Mozilla

Mozilla Foundation Security Advisory 2025-69: CVE-2025-55032↗

▶