Mozilla Foundation Security Advisory 2026-12

Security Vulnerabilities fixed in Firefox for iOS 147.4

Announced

February 20, 2026

Impact

high

Products

Firefox for iOS

Fixed in

Firefox for iOS 147.4

#CVE-2026-2634: Spoofed web content presented under trusted domains using scripted navigation on Firefox iOS

Reporter: Renwa
Impact: high

Description

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains.

References

Bug 1975529

Firefox browsers

Mozilla VPN

Mozilla Monitor

Firefox Relay

MDN Plus

Thunderbird

Solo

0DIN

About Mozilla

The Mozilla Manifesto

Get Involved

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising

Mozilla Builders

Mozilla New Products