First published: Mon Feb 24 2025(Updated: )
Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Firefox | =136 | |
Apple iOS and iPadOS | ||
Firefox | <136 | |
All of | ||
Firefox | <136.0 | |
iPhone OS |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2025-27424 is classified as a moderate severity vulnerability.
To fix CVE-2025-27424, update Firefox for iOS to version 136 or later.
CVE-2025-27424 affects the Firefox browser on iOS devices.
Exploiting CVE-2025-27424 can lead to the spoofing of a website address, potentially redirecting users to malicious pages.
All versions of Firefox for iOS prior to version 136 are vulnerable to CVE-2025-27424.