—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Domain Spoofing Vulnerability in Firefox Focus for iOS

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: MEDIUM

Software Affected

Mozilla Firefox Focus for iOS versions prior to 148.2

Overview

A domain spoofing vulnerability has been identified in Mozilla Firefox Focus for iOS, which could allow malicious content to be displayed under spoofed trusted domains.

Target Audience:

All organizations and administrators using Mozilla Firefox Focus for iOS.

Risk Assessment:

Medium risk of domain spoofing that may mislead users into trusting malicious content.

Impact Assessment:

Potential for display of attacker-controlled content under a spoofed domain, which could facilitate phishing attacks and disclosure of sensitive information.

Description

A domain spoofing vulnerability has been reported in Mozilla Firefox Focus for iOS due to improper handling of navigation events combined with iframe redirection. An attacker could exploit this vulnerability by crafting malicious web content that stalls navigation to an invalid port and subsequently triggers an iframe redirect.

Successful exploitation of this vulnerability may allow an attacker to deceive users by presenting malicious content under a trusted domain name, thereby increasing the likelihood of phishing or other social engineering attacks.

Solution

Apply appropriate updates as mentioned by the vendor:

https://www.mozilla.org/en-US/security/advisories/mfsa2026-18/

Vendor Information

Mozilla

https://www.mozilla.org

References

 

https://www.mozilla.org/en-US/security/advisories/mfsa2026-18/

CVE Name

CVE-2026-2919

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmmxeNcACgkQ3jCgcSdc

ys+ndA/9EY+b9MZjsR8ab/T3tASB8WzcpU38cZ9Ky24kx4PGP6tvLW61kQr7Wlu+

TuMXVpdM+EC/B72EjIfXeZTuP4MQ3GHmzY7WlNuVFELGmOpGOXqs90ldN0HwqhNM

jO5SSwSPmw/mT/+bsklDx1M3C3XUNtvK9nc1pqUsmlTnDM47LDZyVfZSJm5ON9g1

B44F4vb5rZdZCBl5vuBvMn4+rlHNFQzwUYN7p6L499aM/MnoF9Yg6B3ely9Nj8Ls

3bwmQ+TUPkBDyOKZBExUEl7Ut3IQ29y/DISIEPcc+sVGzb8RbO86WuGn3ADAC7Of

Nj5KrzvDPBzgjkq3TQl4X8hU+V3eBGkH0/wXocm3BnEiM/aawb0Re8pnEOTMRfmQ

9v3S/41MY1yk8CbKxKEOrjaY3fkafNGaVzTnPTiPrgaR8ilVOtnWgbMR68gORbHI

Kq0PAldKCks6Je49AXCjTNiO5P3y5btI9PrxQYudJldYX+AIyO5Y64hnQIwRd409

cGHP3WMMEJTwu2VicUhTkbwmzkBcmAS7E0638lYXk0eDjH3l/Si0R7BlgNQT9qlX

9sQR53QlxoL78mjs/X0EPKCoI6cEYEkl/fsypNhpd09F3NKq/+jVlCWesqOYuQm4

4YggqHYE9bTcJ/lt8rzVt7DemMSDLB9KZhvAfzcCoKVfdaIGne4=

=an09

—–END PGP SIGNATURE—–