CVE-2026-13356
Interrupted navigation could allow address bar origin spoofing in Firefox for iOS
CVSS Score
6.3
EPSS Score
0.1%
EPSS Percentile
4th
A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3.
| Vendor | mozilla |
| Product | firefox for ios |
| Ecosystems | |
| Industries | Technology |
| Published | Jul 6, 2026 |
| Last Updated | Jul 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for mozilla firefox for ios
Be the first to know when new medium vulnerabilities affecting mozilla firefox for ios are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Mozilla / Firefox for iOS
All versions affected References
Credits
Azza Tegar Naufal Ataullah