Mozilla Foundation Security Advisory 2026-65

Security Vulnerabilities fixed in Firefox for iOS 152.3

Announced
July 5, 2026
Impact
moderate
Products
Firefox for iOS
Fixed in
  • Firefox for iOS 152.3

#CVE-2026-13356: Interrupted navigation could allow address bar origin spoofing in Firefox for iOS

Reporter
Azza Tegar Naufal Ataullah
Impact
moderate
Description

A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content.

References