Back to overview

CVE-2026-13356

Description
A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3.

Metadata

CVE ID
CVE-2026-13356
State
PUBLISHED
Assigner
mozilla
Reserved
2026-06-25 17:23 UTC
Published
2026-07-06 23:07 UTC
Last updated
2026-07-06 23:07 UTC
Vendor / Product
Mozilla / Firefox for iOS
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Mozilla Firefox for iOS 152.3 ≤ *
Back to overview