CVE-2025-55032: Vulnerability in Mozilla Focus for iOS
Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability was fixed in Focus for iOS 142.
AI Analysis
Technical Summary
Mozilla Focus for iOS improperly handled Content-Disposition headers of type Attachment by displaying the content inline rather than as an attachment. This incorrect handling could allow an attacker to execute cross-site scripting (XSS) attacks by injecting malicious scripts into content that should have been treated as downloadable attachments. The vulnerability was reported and fixed in Focus for iOS version 142. The CVSS 3.1 base score is 6.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality and integrity. The vendor advisory confirms the fix and provides additional context on related vulnerabilities.
Potential Impact
The vulnerability could allow an attacker to perform cross-site scripting (XSS) attacks by exploiting the incorrect inline display of content that should have been treated as an attachment. This could lead to limited confidentiality and integrity impacts within the context of the browser. There are no known exploits in the wild at this time. The vulnerability affects the Focus for iOS browser prior to version 142.
Mitigation Recommendations
Mozilla has released an official fix for this vulnerability in Focus for iOS version 142. Users and administrators should update to this version or later to remediate the issue. No additional mitigation steps are required as the vulnerability is addressed by the official patch.
CVE-2025-55032: Vulnerability in Mozilla Focus for iOS
Description
Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability was fixed in Focus for iOS 142.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Mozilla Focus for iOS improperly handled Content-Disposition headers of type Attachment by displaying the content inline rather than as an attachment. This incorrect handling could allow an attacker to execute cross-site scripting (XSS) attacks by injecting malicious scripts into content that should have been treated as downloadable attachments. The vulnerability was reported and fixed in Focus for iOS version 142. The CVSS 3.1 base score is 6.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality and integrity. The vendor advisory confirms the fix and provides additional context on related vulnerabilities.
Potential Impact
The vulnerability could allow an attacker to perform cross-site scripting (XSS) attacks by exploiting the incorrect inline display of content that should have been treated as an attachment. This could lead to limited confidentiality and integrity impacts within the context of the browser. There are no known exploits in the wild at this time. The vulnerability affects the Focus for iOS browser prior to version 142.
Mitigation Recommendations
Mozilla has released an official fix for this vulnerability in Focus for iOS version 142. Users and administrators should update to this version or later to remediate the issue. No additional mitigation steps are required as the vulnerability is addressed by the official patch.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-08-05T13:26:34.686Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 68a4e678ad5a09ad00fb5d98
Added to database: 8/19/2025, 9:02:48 PM
Last enriched: 4/14/2026, 11:48:52 AM
Last updated: 5/11/2026, 4:17:25 AM
Views: 165
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.