AI description
CVE-2025-55032 affects Focus for iOS. The vulnerability arises because Focus for iOS does not properly handle the `Content-Disposition` header of type Attachment. Instead of treating the content as an attachment, the application incorrectly displays it inline. This behavior could allow for cross-site scripting (XSS) attacks. To mitigate this vulnerability, users should update Focus for iOS to the latest version.
- Description
- Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability affects Focus for iOS < 142.
- Source
- security@mozilla.org
- NVD status
- Analyzed
- Products
- firefox_focus
CVSS 3.1
- Type
- Secondary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-601
- Hype score
- Not currently trending
CVE-2025-55032 Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks… https://t.co/EXXbkye9Yz
@CVEnew
19 Aug 2025
New bugs :)
CVE-2025-55030 [High] Content-Disposition headers incorrectly ignored allowing XSS attacks
CVE-2025-55032 [High] Focus incorrectly ignores Content-Disposition headers allowing XSS attacks
CVE-2025-9183 [Low] Firefox desktop address bar spoof with user interaction
@RenwaX23
19 Aug 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "667BB2C7-17E5-4D04-AA9A-1CBE726492AF",
            "versionEndExcluding": "142.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]