Mozilla Foundation Security Advisory 2026-52

Security Vulnerabilities fixed in Firefox for iOS 151.1

Announced

May 25, 2026

Impact

low

Products

Firefox for iOS

Fixed in

Firefox for iOS 151.1

#CVE-2026-9078: Firefox iOS RTL Domain Rendering Issue in Link Preview

Reporter: Barath Stalin K
Impact: low

Description

Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins.

References

Bug 2029371

Firefox browsers

Mozilla VPN

Mozilla Monitor

Firefox Relay

MDN Plus

Thunderbird

Solo

0DIN

Tabstack

About Mozilla

The Mozilla Manifesto

Get Involved

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising

Mozilla Builders

Mozilla New Products