Mozilla Focus for iOS Spoofing Vulnerability via Iframe Redirect

Vulnerability

A vulnerability in Mozilla Focus for iOS versions prior to 148.2 allows malicious scripts to display attacker-controlled content under fake domains. This is achieved by stalling a self-navigation to an invalid port, which triggers an iframe redirect. As a result, the user interface presents a trusted domain without any user interaction.

Impact

Exploitation of this vulnerability could lead to phishing attacks or the distribution of malware, as it allows for the presentation of malicious content under the guise of a trusted source.

Remediation

Users can update to Mozilla Focus for iOS version 148.2 to address this vulnerability.

Added: Mar 9, 2026, 2:20 PM
Updated: Mar 9, 2026, 2:20 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 1.3
exploitability: 4.2
remediation: 7.7
relevance: 3.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.