Mozilla Firefox Focus 131.1 for iPhone OS

CPE Details

Mozilla Firefox Focus 131.1 for iPhone OS
mozilla
firefox_focus
131.1
2025-04-15
16h55 +00:00
2025-04-15
16h55 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:mozilla:firefox_focus:131.1:*:*:*:*:iphone_os:*:*

Informations

Vendor

mozilla

Product

firefox_focus

Version

131.1

Target Software

iphone_os

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2025-55033 2025-08-19 19h15 +00:00 Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS < 142.
6.1
Moyen
CVE-2025-55032 2025-08-19 19h15 +00:00 Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus for iOS < 142.
6.1
Moyen
CVE-2025-55031 2025-08-19 19h15 +00:00 Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects Firefox for iOS < 142 and Focus for iOS < 142.
9.8
Critique
CVE-2025-3859 2025-04-30 16h30 +00:00 Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability affects Focus < 138.
6.1
Moyen
CVE-2024-10474 2024-10-29 12h19 +00:00 Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.
9.1
Critique
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.