PT-2026-45411 · Mozilla · Firefox For Ios
Muneaki Nishimura
·
Published
2026-06-01
·
Updated
2026-06-01
·
CVE-2026-9309
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Firefox for iOS versions prior to 151.2
Description
Reader View fails to properly escape HTML tags within JSON-LD metadata. This allows a malicious page to inject markup that alters Reader View behavior and leaks sensitive URL parameters. Such leaked parameters could be utilized to access internal pages, which may lead to arbitrary JavaScript execution within an internal origin.
Recommendations
Update to version 151.2.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Firefox For Ios