Mozilla Foundation Security Advisory 2025-97

Security Vulnerabilities fixed in Firefox for iOS 144.0

Announced

December 15, 2025

Impact

low

Products

Firefox for iOS

Fixed in

Firefox for iOS 144

Firefox for iOS 144 was released October 12th, 2025 and the fix for CVE-2025-14744 was included in the original release; but this advisory was not published until December 16, 2025 because it was not recognized at the time.

#CVE-2025-14744: Filename spoofing via Unicode Right-to-Left Override in Firefox for iOS

Reporter: Azril
Impact: low

Description

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type

References

Bug 1984683

Mozilla VPN

Mozilla Monitor

Firefox Relay

MDN Plus

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising

Mozilla Builders

Mozilla New Products