CVE-2024-53975 is a vulnerability identified in Mozilla Firefox for iOS versions earlier than 133, where the SSL padlock icon in the browser's URL bar can be visually spoofed to appear on a non-secure HTTP page. This occurs specifically when accessing an HTTP site that uses a non-existent port, causing the browser to incorrectly display the padlock icon that normally indicates a secure HTTPS connection. The root cause lies in the browser's UI logic that fails to correctly differentiate between secure and non-secure connections under these specific conditions. While the vulnerability does not compromise the confidentiality of data directly, it misleads users into believing their connection is encrypted and secure, which can facilitate phishing attacks or man-in-the-middle scenarios where attackers intercept or alter communications without the user's knowledge. The CVSS 3.1 base score is 5.4 (medium severity), reflecting that the attack vector is network-based, requires no privileges, but does require user interaction (visiting a crafted URL). The impact on integrity and availability is limited but non-negligible due to potential deception. No authentication is required, and there are no known exploits in the wild at the time of publication. The vulnerability affects Firefox for iOS, a browser used on Apple mobile devices, which implies a mobile threat vector. The issue is expected to be resolved in Firefox for iOS version 133 or later, though no patch links are provided yet. This vulnerability highlights the importance of accurate UI security indicators in browsers to prevent user deception and subsequent exploitation.

For European organizations, this vulnerability primarily poses a risk to end users who rely on Firefox for iOS for web browsing. The misleading padlock icon can cause users to trust non-secure HTTP sites as if they were secure HTTPS sites, increasing the likelihood of successful phishing attacks or interception of sensitive information by attackers on the same network. This can lead to credential theft, unauthorized access, or data manipulation. While the vulnerability does not directly expose confidential data through a technical flaw, the social engineering risk is significant. Organizations with employees or customers in Europe using Firefox for iOS are at risk of targeted phishing campaigns exploiting this UI spoofing. Sectors with high security requirements such as finance, healthcare, and government are particularly vulnerable to the downstream effects of user deception. The mobile nature of the vulnerability means it can affect remote workers and mobile users, complicating detection and response. The impact on operational availability is low but the reputational damage and potential regulatory implications of data breaches resulting from phishing could be substantial.

1. Update Firefox for iOS to version 133 or later as soon as the patch is released to ensure the vulnerability is fixed. 2. Until patching is possible, educate users to verify site security by checking the full URL scheme (https://) rather than relying solely on the padlock icon. 3. Implement mobile device management (MDM) policies to enforce browser updates and restrict installation of outdated app versions. 4. Use network-level protections such as DNS filtering and web proxies that can block access to known phishing or malicious sites. 5. Encourage the use of multi-factor authentication (MFA) to reduce the impact of credential theft resulting from phishing. 6. Monitor for phishing campaigns targeting Firefox for iOS users and provide timely threat intelligence updates to users and security teams. 7. Conduct user awareness training focused on recognizing spoofed security indicators and safe browsing practices on mobile devices. 8. Consider deploying endpoint detection and response (EDR) solutions capable of monitoring mobile device browser activity for suspicious behavior.