CVE-2025-14744

Description

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected products

Mozilla / Firefox for iOS144.0 – *

References

MISChttps://bugzilla.mozilla.org/show_bug.cgi?id=1984683
VENDOR_ADVISORYhttps://www.mozilla.org/security/advisories/mfsa2025-97/