CVE-2025-10290

Published Sep 16, 2025

Last updated 6 months ago

CVSS medium 6.5

Overview

Description: Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press This vulnerability affects Focus for iOS < 143.0.
Source: security@mozilla.org
NVD status: Analyzed
Products: firefox_focus

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-451

Hype score: Not currently trending

CVE-2025-10290 Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof… https://t.co/bGJv6sd3su
@CVEnew
16 Sept 2025
186 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*",
            "matchCriteriaId": "F0689DCB-CA40-4BEA-945D-D74C7351ED2D",
            "versionEndExcluding": "143.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References