CVE-2025-27426: Vulnerability in Mozilla Firefox for iOS
Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136.
AI Analysis
Technical Summary
This vulnerability (CVE-2025-27426) affects Firefox for iOS and involves the use of server-side redirects by malicious websites to an internal error page, which can result in the address bar displaying a spoofed URL. This could potentially deceive users into believing they are visiting a legitimate site when they are not. The issue is classified under CWE-601 (Open Redirect). Mozilla fixed this vulnerability in Firefox for iOS version 136, as detailed in their security advisory MFSA 2025-13.
Potential Impact
The impact of this vulnerability is that users may be misled by a spoofed URL in the address bar, which could facilitate phishing or other social engineering attacks. The CVSS score of 5.4 reflects limited confidentiality and integrity impact with no availability impact. There are no known exploits in the wild, reducing immediate risk.
Mitigation Recommendations
Mozilla has released an official fix for this vulnerability in Firefox for iOS version 136. Users and administrators should update to this version to remediate the issue. No additional mitigation steps are indicated by the vendor advisory.
CVE-2025-27426: Vulnerability in Mozilla Firefox for iOS
Description
Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2025-27426) affects Firefox for iOS and involves the use of server-side redirects by malicious websites to an internal error page, which can result in the address bar displaying a spoofed URL. This could potentially deceive users into believing they are visiting a legitimate site when they are not. The issue is classified under CWE-601 (Open Redirect). Mozilla fixed this vulnerability in Firefox for iOS version 136, as detailed in their security advisory MFSA 2025-13.
Potential Impact
The impact of this vulnerability is that users may be misled by a spoofed URL in the address bar, which could facilitate phishing or other social engineering attacks. The CVSS score of 5.4 reflects limited confidentiality and integrity impact with no availability impact. There are no known exploits in the wild, reducing immediate risk.
Mitigation Recommendations
Mozilla has released an official fix for this vulnerability in Firefox for iOS version 136. Users and administrators should update to this version to remediate the issue. No additional mitigation steps are indicated by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-02-24T20:03:31.187Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.mozilla.org/security/advisories/mfsa2025-13/","vendor":"Mozilla"}]
Threat ID: 69dd057782d89c981f0172a1
Added to database: 4/13/2026, 3:02:15 PM
Last enriched: 4/13/2026, 3:18:32 PM
Last updated: 4/14/2026, 6:03:53 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.