CVE-2025-5020

MEDIUM 4.3

Links using non-HTTP schemes opened from other apps such as Safari could have allowed spoofing of website addresses

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client. This vulnerability was fixed in Firefox for iOS 139.

Vendor	mozilla
Product	firefox for ios
Ecosystems	Browser JavaScript
Industries	Technology
Published	May 21, 2025
Last Updated	Apr 13, 2026

Stay Ahead of the Next One

Get instant alerts for mozilla firefox for ios

Be the first to know when new medium vulnerabilities affecting mozilla firefox for ios are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Mozilla / Firefox for iOS

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

bugzilla.mozilla.org: https://bugzilla.mozilla.org/show_bug.cgi?id=1951558 mozilla.org: https://www.mozilla.org/security/advisories/mfsa2025-39/

Credits

James Lee