CVE-2026-2919

Medium CVSS: 4.3

Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability affects Focus for iOS < 148.2.

Vendor

Product

CWE

CWE-451

Yayın Tarihi

2026-03-09 14:16:10

Güncelleme

2026-03-11 13:53:47

Source Identifier

security@mozilla.org

KEV Date Added

Kategoriler

CWE-451 MEDIUM 2026

Referanslar

https://bugzilla.mozilla.org/show_bug.cgi?id=1975842 https://www.mozilla.org/security/advisories/mfsa2026-18/