CVE-2025-55033

Severity
6.1 MEDIUM
EPSS
0.0%
top 92.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Aug 19

Description

Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability affects Focus for iOS < 142.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages: 2 packages

CVEListV5 | mozilla/focus_for_ios | unspecified | 142

🔴 Vulnerability Details (2)

CVEList: Drag and drop gestures in Focus for iOS could allow JavaScript links to be executed incorrectly (2025-08-19)
GHSA: GHSA-f484-2jqj-73ch: Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulner (2025-08-19)

📋 Vendor Advisories (1)

Mozilla: Mozilla Foundation Security Advisory 2025-69: CVE-2025-55033