
CVE-2025-14744: Vulnerability in Mozilla Firefox for iOS

Severity: Medium
Published: Thu Dec 18 2025 (12/18/2025, 14:21:12 UTC)
Source: CVE Database V5
Vendor/Project: Mozilla
Product: Firefox for iOS

Description

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS < 144.0.

AI-Powered Analysis

Last updated: 12/18/2025, 14:43:13 UTC

Technical Analysis

CVE-2025-14744 is a vulnerability in Mozilla Firefox for iOS versions earlier than 144.0. It stems from improper handling of the Unicode Right-to-Left Override character (RTLO, U+202E) in filenames shown in the browser's downloads user interface. RTLO is a bidirectional control character that forces the text following it to be rendered from right to left; it exists to support right-to-left scripts, but it is invisible in most interfaces. An attacker can embed it in a filename so that the characters after it are displayed in reverse order, making the visible extension differ from the real one. For example, a file named 'exe.scr' could be displayed as 'rcs.exe', misleading users into thinking they are downloading a harmless file when it is actually an executable or otherwise malicious file type.

Such spoofing can trick users into saving, and possibly opening, harmful files, with consequences for device integrity or data confidentiality. No authentication is required, but the attack depends on the user choosing to download the spoofed file. At the time of analysis no public exploits or patches were linked to the record and no CVSS score had been assigned.

The flaw is specific to Firefox for iOS, a widely used browser on Apple mobile devices. The attack surface is limited to users who download files through Firefox on iOS, but the impact can be significant where mobile devices are used for sensitive work. The issue illustrates the risk posed by Unicode control characters and the importance of sanitizing filenames before displaying them in user interfaces.
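The display-side check the analysis calls for, as an added Python example (not code from this record or from Mozilla): it flags Unicode bidi control characters in a proposed download name, renders a display-safe version, and compares the real extension with the one a user would visually perceive. The sample filenames are constructed, and the "apparent extension" logic is an assumed approximation of how an RTLO-prefixed run renders, not a full implementation of the Unicode bidi algorithm.

```python
import unicodedata

# Unicode bidirectional controls that can reorder or hide text. U+202E (RLO)
# is the one this CVE describes; its siblings get the same treatment.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f",                                # LRM, RLM
}

def find_bidi_controls(name: str) -> list:
    """List every bidi control in name as (index, 'U+XXXX', unicode name)."""
    return [(i, f"U+{ord(c):04X}", unicodedata.name(c))
            for i, c in enumerate(name) if c in BIDI_CONTROLS]

def sanitize_for_display(name: str, marker: str = "\ufffd") -> str:
    """Replace bidi controls with a visible marker so the rendered name
    cannot be reordered; the stored filename itself is left untouched."""
    return "".join(marker if c in BIDI_CONTROLS else c for c in name)

def real_extension(name: str) -> str:
    """Extension as the OS sees it: text after the last '.' in logical order."""
    parts = name.rsplit(".", 1)
    return parts[1].lower() if len(parts) == 2 and parts[1] else ""

def apparent_extension(name: str) -> str:
    """Extension a user would perceive if the name were rendered naively.
    Assumed approximation: everything after the last U+202E is shown
    reversed (the override's main effect, not the full bidi algorithm)."""
    rlo = name.rfind("\u202e")
    if rlo == -1:
        return real_extension(name)
    visible = name[:rlo] + name[rlo + 1:][::-1]
    return real_extension(visible)

def assess_download_name(name: str) -> dict:
    """Combine the checks; 'spoofed' is True when a bidi control makes the
    perceived extension differ from the real one."""
    controls = find_bidi_controls(name)
    real, shown = real_extension(name), apparent_extension(name)
    return {"display": sanitize_for_display(name), "controls": controls,
            "real_extension": real, "apparent_extension": shown,
            "spoofed": bool(controls) and real != shown}

if __name__ == "__main__":
    # Constructed sample names: a classic RTLO disguise, the record's
    # 'exe.scr' example with the override prepended, and a benign file.
    for sample in ("invoice\u202efdp.exe", "\u202eexe.scr", "report.pdf"):
        print(assess_download_name(sample))
```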

Potential Impact

For European organizations, this vulnerability poses a risk primarily to mobile users who use Firefox for iOS to download files. The spoofing of filenames can lead to inadvertent downloading and execution of malicious files, potentially resulting in malware infections, data breaches, or unauthorized access to sensitive information. This is particularly concerning for sectors with high mobile device usage such as finance, healthcare, and government agencies. The threat could facilitate social engineering attacks, where users are deceived into trusting and opening harmful files. Although the vulnerability does not directly compromise the browser or device without user interaction, the potential for indirect compromise through user deception is significant. The impact on confidentiality and integrity is moderate, as attackers could use this to deliver payloads or steal data. Availability impact is low since the vulnerability does not cause denial of service. The lack of known exploits reduces immediate risk, but the widespread use of Firefox on iOS in Europe means the threat should be taken seriously. Organizations with BYOD policies or remote workforces are especially vulnerable due to less controlled device environments.

Mitigation Recommendations

Organizations should prioritize updating Firefox for iOS to version 144.0 or later once Mozilla releases the patch. Until then, users should be warned about downloading files from untrusted or suspicious websites, particularly when a filename looks unusual. IT teams should consider mobile device management (MDM) policies that restrict or monitor file downloads on corporate devices, and endpoint protection on iOS that scans downloaded files for malware adds a further layer of defense. Security awareness training should cover social engineering and filename spoofing. Monitoring network traffic for unusual download patterns and using web filtering to block known malicious sites reduces exposure. Finally, organizations should maintain an inventory of browser versions in use so that patches are applied promptly.


Technical Details

Data Version: 5.2
Assigner Short Name: mozilla
Date Reserved: 2025-12-15T19:44:44.939Z
Cvss Version: null
State: PUBLISHED

Threat ID: 69440f154eb3efac368cd6fe

Added to database: 12/18/2025, 2:26:29 PM

Last enriched: 12/18/2025, 2:43:13 PM

Last updated: 12/19/2025, 11:27:37 AM

Views: 10
