CVE-2025-55033

Description

Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

Mozilla / Focus for iOS142 – *

References

MISChttps://bugzilla.mozilla.org/show_bug.cgi?id=1913825
VENDOR_ADVISORYhttps://www.mozilla.org/security/advisories/mfsa2025-69/