CVE-2026-2032

MEDIUM 4.3

Interrupted page loads in new tabs could allow website spoofing under trusted domains in Firefox iOS

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

9th

Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1.

Vendor	mozilla
Product	firefox for ios
Ecosystems	Browser JavaScript
Industries	Technology
Published	Feb 16, 2026
Last Updated	Apr 14, 2026

Stay Ahead of the Next One

Get instant alerts for mozilla firefox for ios

Be the first to know when new medium vulnerabilities affecting mozilla firefox for ios are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Mozilla / Firefox for iOS

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

bugzilla.mozilla.org: https://bugzilla.mozilla.org/show_bug.cgi?id=2012152 mozilla.org: https://www.mozilla.org/security/advisories/mfsa2026-09/

Credits

Qadhafy Muhammad Tera