๐Ÿ” CVE Alert

CVE-2026-13356

MEDIUM 6.3

Interrupted navigation could allow address bar origin spoofing in Firefox for iOS

CVSS Score
6.3
EPSS Score
0.1%
EPSS Percentile
4th

A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3.

Vendor mozilla
Product firefox for ios
Ecosystems
Industries
Technology
Published Jul 6, 2026
Last Updated Jul 7, 2026
Stay Ahead of the Next One

Get instant alerts for mozilla firefox for ios

Be the first to know when new medium vulnerabilities affecting mozilla firefox for ios are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Mozilla / Firefox for iOS
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
bugzilla.mozilla.org: https://bugzilla.mozilla.org/show_bug.cgi?id=2047768 mozilla.org: https://www.mozilla.org/security/advisories/mfsa2026-65/

Credits

Azza Tegar Naufal Ataullah