CVE-2025-54144: Vulnerability in Mozilla Firefox for iOS
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141.
AI Analysis
Technical Summary
This vulnerability involves the URL scheme in Firefox for iOS that facilitates searching text queries. Due to improper handling, attackers could craft links that, when clicked by a user, cause Firefox to open arbitrary external websites or internal pages. This behavior could be abused for phishing or redirecting users to malicious content. The vulnerability is tracked as CVE-2025-54144 and is categorized under CWE-601 (Open Redirect). It was addressed by Mozilla in Firefox for iOS 141.
Potential Impact
The vulnerability allows attackers to bypass intended URL restrictions and open arbitrary URLs, potentially leading to phishing or exposure to malicious websites. The impact is rated moderate with low confidentiality and integrity impact and no availability impact, as per the CVSS score of 5.4 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). There are no known exploits in the wild at this time.
Mitigation Recommendations
Mozilla has released an official fix for this vulnerability in Firefox for iOS version 141. Users and administrators should update to this version or later to remediate the issue. Since this is not a cloud service, local patching is required. No additional mitigation actions are specified or required beyond applying the update.
CVE-2025-54144: Vulnerability in Mozilla Firefox for iOS
Description
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves the URL scheme in Firefox for iOS that facilitates searching text queries. Due to improper handling, attackers could craft links that, when clicked by a user, cause Firefox to open arbitrary external websites or internal pages. This behavior could be abused for phishing or redirecting users to malicious content. The vulnerability is tracked as CVE-2025-54144 and is categorized under CWE-601 (Open Redirect). It was addressed by Mozilla in Firefox for iOS 141.
Potential Impact
The vulnerability allows attackers to bypass intended URL restrictions and open arbitrary URLs, potentially leading to phishing or exposure to malicious websites. The impact is rated moderate with low confidentiality and integrity impact and no availability impact, as per the CVSS score of 5.4 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). There are no known exploits in the wild at this time.
Mitigation Recommendations
Mozilla has released an official fix for this vulnerability in Firefox for iOS version 141. Users and administrators should update to this version or later to remediate the issue. Since this is not a cloud service, local patching is required. No additional mitigation actions are specified or required beyond applying the update.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-07-17T02:35:52.285Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 68a4e678ad5a09ad00fb5d7e
Added to database: 8/19/2025, 9:02:48 PM
Last enriched: 4/14/2026, 11:48:00 AM
Last updated: 5/10/2026, 3:12:31 AM
Views: 128
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.