CVE-2025-55032: Focus incorrectly ignores Content-Disposition headers for some MIME types in Mozilla Focus for iOS
Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability affects Focus for iOS < 142.
AI Analysis
Technical Summary
CVE-2025-55032 is a medium-severity vulnerability in Mozilla Focus for iOS before version 142. For some MIME types the browser ignored a Content-Disposition: attachment header and rendered the response body inline instead of treating it as a download. The attachment directive tells a browser to save the body as a file rather than display it, and many sites rely on it when they serve user-uploaded files (HTML, SVG, XML) from their own origin, on the assumption that a body marked as an attachment will never be parsed as a document. When Focus rendered such a body inline, any markup or script inside it ran in the origin of the site that served it, which turns an otherwise harmless file download into a cross-site scripting (XSS) attack against that site; the attacker needs only to get a file under their control served as an attachment by the target site and to lure the victim into opening it in Focus. The CWE attached to this record is CWE-601 (URL Redirection to Untrusted Site, 'Open Redirect'), which does not describe the behaviour above; the effect described in the advisory is ordinary XSS, CWE-79. The 6.1 score quoted here corresponds to a CVSS v3.1 vector with network attack vector, low attack complexity, no privileges required, user interaction required, a scope change (script executes in the serving site's origin rather than only in the browser), low confidentiality and integrity impact and no availability impact. The CVE record itself carries no CVSS vector (the Technical Details below list the CVSS version as null), so treat the score as this analysis's estimate rather than a vendor-assigned rating. No exploitation in the wild has been reported. The record links no patch, but its stated affected range (< 142) means that version 142 is the fixed release. Focus is Mozilla's privacy-focused mobile browser; this CVE concerns only its iOS build. For an affected user the consequences are those of XSS in the site that served the file: disclosure of data visible in that origin, actions performed with the user's session, or session hijacking.
Potential Impact
For European organizations, the impact of this vulnerability depends largely on how many employees and users run Mozilla Focus on iOS. Focus is a niche browser next to Safari or Chrome on iOS, but it is favoured by privacy-conscious users, including some professionals and activists. Exploitation yields XSS in the origin of whatever site served the attacker's file, so an attacker can read data that site exposes to the browser, such as session cookies not marked HttpOnly, authentication tokens held in page storage, or page content, and can perform actions in that site with the victim's session. Because the attack requires user interaction (opening a link that leads to the crafted download), phishing is the natural delivery vector. Confidentiality and integrity of data handled through the browser are at risk; availability is not. For organizations handling personal data under GDPR, a breach resulting from such an exploit could bring regulatory penalties and reputational damage. Exposure is limited to iOS devices running a vulnerable Focus version, so organizations with strict mobile device management and little use of this browser face lower risk.
Mitigation Recommendations
Update Mozilla Focus on all managed iOS devices to version 142 or later; the CVE record gives < 142 as the affected range, so 142 is the fixed release and is available through the App Store. Until devices are updated, users should treat links in Focus that trigger a file download with the same suspicion as links to unknown sites: the risk is not the download itself but a file that Focus displays as a page. Mobile device management (MDM) can report installed app versions and block or force-update outdated ones. iOS does not let a third-party endpoint agent observe what another app renders, so EDR-style monitoring of browser behaviour is not an available control on iOS; version enforcement through MDM is the practical substitute. Security awareness training on phishing and web filtering of known malicious URLs reduce the chance that a user reaches an attacker's page in the first place. Operators of web applications that serve user-uploaded files should not rely on Content-Disposition alone, since this is not the only client that has mishandled it: serve such files with a non-renderable Content-Type (application/octet-stream), X-Content-Type-Options: nosniff, a Content-Security-Policy with the sandbox directive, and ideally from a separate origin, so that a client that ignores the disposition still cannot run script in the application's origin. Monitor Mozilla's security advisories for further Focus updates, and evaluate whether Focus is needed by your users or whether a browser with broader enterprise management support is preferable.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway
Technical Details
- Data Version: 5.1
- Assigner Short Name: mozilla
- Date Reserved: 2025-08-05T13:26:34.686Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68a4e678ad5a09ad00fb5d98
Added to database: 8/19/2025, 9:02:48 PM
Last enriched: 8/27/2025, 1:13:27 AM
Last updated: 9/30/2025, 4:43:18 PM
Views: 44
Related Threats
- CVE-2025-9952 (Medium): CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in sergiotrinity Trinity Audio – Text to Speech AI audio player to convert content into audio
- CVE-2025-9886 (Medium): CWE-352 Cross-Site Request Forgery (CSRF) in sergiotrinity Trinity Audio – Text to Speech AI audio player to convert content into audio
- CVE-2025-10383 (Medium): CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in contest-gallery Contest Gallery – Upload, Vote & Sell with PayPal and Stripe
- CVE-2025-61895 (Low)
- CVE-2025-61894 (Low)