Mozilla Foundation Security Advisory 2026-18

Security Vulnerabilities fixed in Focus for iOS 148.2

Announced

March 2, 2026

Impact

high

Products

Focus for iOS

Fixed in

Focus for iOS 148.2

#CVE-2026-2919: Attacker-controlled content shown under spoofed domains in Focus for iOS via stalled navigation and iframe redirect

Reporter: Renwa Hiwa
Impact: high

Description

Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction.

References

Bug 1975842

Firefox browsers

Mozilla VPN

Mozilla Monitor

Firefox Relay

MDN Plus

Thunderbird

Solo

0DIN

Tabstack

About Mozilla

The Mozilla Manifesto

Get Involved

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising

Mozilla Builders

Mozilla New Products