6.1

CVE-2025-55032

Medienbericht

Focus incorrectly ignores Content-Disposition headers for some MIME types

Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability was fixed in Focus for iOS 142.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Focus SwPlatformiphone_os Version < 142.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.043
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
21.08.2025 09:42
https://www.mozilla.org/security/advisories/mfsa2025-69/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1976296
Issue Tracking
Permissions Required