Mozilla Foundation Security Advisory 2025-60

Security Vulnerabilities fixed in Firefox for iOS 141

Announced: July 22, 2025
Impact: moderate
Products: Firefox for iOS
Fixed in: Firefox for iOS 141

CVE-2025-54143: Sandboxed iframes could allow local downloads despite sandbox restrictions

Reporter: Narendra Bhati
Impact: moderate
Description: Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page.

CVE-2025-54144: Internal Firefox open-text URL scheme allowed loading of arbitrary URLs

Reporter: James Lee
Impact: moderate
Description: The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link.

CVE-2025-54145: Scanning a malicious URL utilizing Firefox's open-text scheme with the QR code scanner could load arbitrary websites

Reporter: James Lee
Impact: moderate
Description: The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme.
