Back to overview

CVE-2026-14906

MEDIUM
5.3
CVSS 3.1
Description
Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4.

Metadata

CVE ID
CVE-2026-14906
State
PUBLISHED
Assigner
mozilla
Reserved
2026-07-06 21:26 UTC
Published
2026-07-13 18:27 UTC
Last updated
2026-07-13 19:32 UTC
Primary CWE
CWE-434
CWE-434 Unrestricted Upload of File with Dangerous Type
Vendor / Product
Mozilla / Firefox for iOS
Sources
cve.org  ·  NVD

Severity & Metrics

5.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
Mozilla Firefox for iOS 152.4 ≤ *
Weakness (CWE)
CWESourceDescription
CWE-434 adp CWE-434 Unrestricted Upload of File with Dangerous Type
CVSS scores (1)
ScoreSeverityVersionSourceVector
5.3 MEDIUM 3.1 adp CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Back to overview