CVE-2025-55031: Vulnerability in Mozilla Firefox for iOS
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability was fixed in Firefox for iOS 142 and Focus for iOS 142.
AI Analysis
Technical Summary
This vulnerability involves malicious web pages exploiting Firefox for iOS and Focus for iOS to pass FIDO authentication links to the operating system, triggering the hybrid passkey transport mechanism. An attacker physically near the victim (within Bluetooth range) could deceive the user into authenticating the attacker’s device using their passkey, potentially granting unauthorized access to the victim's account. The issue affects Firefox for iOS and Focus for iOS prior to version 142. Mozilla released official fixes in Firefox for iOS 142 and Focus for iOS 142 to address this vulnerability.
Potential Impact
Successful exploitation could allow an attacker within Bluetooth range to trick a user into authenticating the attacker’s device to the user’s account using their passkey. This could lead to unauthorized account access with high confidentiality, integrity, and availability impact as reflected by the CVSS score of 9.8. The vendor advisory rates the impact as moderate, indicating significant but not catastrophic consequences.
Mitigation Recommendations
This vulnerability has been officially fixed by Mozilla in Firefox for iOS 142 and Focus for iOS 142. Users and administrators should update to these versions or later to remediate the issue. No additional mitigation actions are required beyond applying the official update.
CVE-2025-55031: Vulnerability in Mozilla Firefox for iOS
Description
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability was fixed in Firefox for iOS 142 and Focus for iOS 142.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves malicious web pages exploiting Firefox for iOS and Focus for iOS to pass FIDO authentication links to the operating system, triggering the hybrid passkey transport mechanism. An attacker physically near the victim (within Bluetooth range) could deceive the user into authenticating the attacker’s device using their passkey, potentially granting unauthorized access to the victim's account. The issue affects Firefox for iOS and Focus for iOS prior to version 142. Mozilla released official fixes in Firefox for iOS 142 and Focus for iOS 142 to address this vulnerability.
Potential Impact
Successful exploitation could allow an attacker within Bluetooth range to trick a user into authenticating the attacker’s device to the user’s account using their passkey. This could lead to unauthorized account access with high confidentiality, integrity, and availability impact as reflected by the CVSS score of 9.8. The vendor advisory rates the impact as moderate, indicating significant but not catastrophic consequences.
Mitigation Recommendations
This vulnerability has been officially fixed by Mozilla in Firefox for iOS 142 and Focus for iOS 142. Users and administrators should update to these versions or later to remediate the issue. No additional mitigation actions are required beyond applying the official update.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-08-05T13:26:34.686Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 68a4e678ad5a09ad00fb5d92
Added to database: 8/19/2025, 9:02:48 PM
Last enriched: 4/14/2026, 11:48:46 AM
Last updated: 5/9/2026, 10:57:25 PM
Views: 113
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.