CVE-2025-23109: Vulnerability in Mozilla Firefox for iOS
Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability was fixed in Firefox for iOS 134.
AI Analysis
Technical Summary
This vulnerability involves address bar spoofing in Firefox for iOS caused by long hostnames in URLs that can be manipulated to hide or spoof the real host of a website. It is tracked as CVE-2025-23109 and was reported by Khalil Zhani. The flaw could allow a malicious actor to present a deceptive URL to the user, potentially facilitating phishing or social engineering attacks. Mozilla fixed this issue in Firefox for iOS version 134 as documented in their security advisory MFSA 2025-06.
Potential Impact
The vulnerability impacts the integrity of the URL displayed in the Firefox for iOS address bar, allowing an attacker to spoof or obscure the actual host. This could lead to users being deceived about the legitimacy of a website, increasing the risk of phishing attacks. There is no impact on confidentiality or availability reported. No known exploits are currently active in the wild.
Mitigation Recommendations
Mozilla has released an official fix for this vulnerability in Firefox for iOS version 134. Users and administrators should update to this version or later to remediate the issue. Since the vulnerability is fixed in the latest release, no additional mitigation steps are required beyond applying the update.
CVE-2025-23109: Vulnerability in Mozilla Firefox for iOS
Description
Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability was fixed in Firefox for iOS 134.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves address bar spoofing in Firefox for iOS caused by long hostnames in URLs that can be manipulated to hide or spoof the real host of a website. It is tracked as CVE-2025-23109 and was reported by Khalil Zhani. The flaw could allow a malicious actor to present a deceptive URL to the user, potentially facilitating phishing or social engineering attacks. Mozilla fixed this issue in Firefox for iOS version 134 as documented in their security advisory MFSA 2025-06.
Potential Impact
The vulnerability impacts the integrity of the URL displayed in the Firefox for iOS address bar, allowing an attacker to spoof or obscure the actual host. This could lead to users being deceived about the legitimacy of a website, increasing the risk of phishing attacks. There is no impact on confidentiality or availability reported. No known exploits are currently active in the wild.
Mitigation Recommendations
Mozilla has released an official fix for this vulnerability in Firefox for iOS version 134. Users and administrators should update to this version or later to remediate the issue. Since the vulnerability is fixed in the latest release, no additional mitigation steps are required beyond applying the update.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-01-10T21:00:17.659Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.mozilla.org/security/advisories/mfsa2025-06/","vendor":"Mozilla"}]
Threat ID: 69dd057782d89c981f01728b
Added to database: 4/13/2026, 3:02:15 PM
Last enriched: 4/13/2026, 3:18:56 PM
Last updated: 4/14/2026, 6:08:08 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.