Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Malicious scripts can show fake pages in Firefox iOS address bar
CVE-2026-2634
Summary
A security issue in older versions of Firefox for iOS could let hackers show you fake web pages that look like they're from a legitimate website. This could happen when you visit a website, but it's not a problem if you keep your browser up to date. Update to the latest version of Firefox for iOS to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| mozilla | firefox | <= 147.4 | – |
Original title
Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofe...
Original description
Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability affects Firefox for iOS < 147.4.
nvd CVSS3.1
9.8
Vulnerability type
CWE-451
- https://bugzilla.mozilla.org/show_bug.cgi?id=1975529 Issue Tracking Permissions Required
- https://www.mozilla.org/security/advisories/mfsa2026-12/ Vendor Advisory
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026