PT-2025-22404 · Mozilla · Firefox
James Lee · Published 2025-05-20 · Updated 2025-06-14 · CVE-2025-5020
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Firefox for iOS versions prior to 139
Description
The issue allows attackers to spoof website addresses when a maliciously crafted URL is opened in Firefox from another app, such as Safari, if the URL uses one of the non-HTTP schemes used internally by the Firefox iOS client.
Recommendations
Update Firefox for iOS to version 139 or later to resolve the issue. As a temporary workaround, consider avoiding URLs with non-HTTP schemes when opening them in Firefox from other apps, and restrict access to potentially malicious URLs to minimize the risk of exploitation.
Affected Products
Firefox