CVE-2026-14906
MEDIUM
5.3
CVSS 3.1
Description
Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4.
Metadata
Severity & Metrics
5.3
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Mozilla | Firefox for iOS | — | 152.4 ≤ * |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-434 | adp | CWE-434 Unrestricted Upload of File with Dangerous Type |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 5.3 | MEDIUM | 3.1 | adp | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
References (2)