Filename spoofing via Unicode Right-to-Left Override in Firefox for iOS

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Description

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS < 144.0.

Basic Information

ID CVE-2025-14744

Source mozilla

Published Dec 18, 2025 at 14:21

Modified Dec 18, 2025 at 19:19

Affected Product

Vendor Mozilla

Product Firefox for iOS

Version unspecified

Affected Versions Mozilla Firefox for iOS unspecified

CWE Classification

CWE-451

References

{
    "lastseen": "",
    "description": "Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS < 144.0.",
    "published": "2025-12-18T14:21:12.328Z",
    "modified": "2025-12-18T19:19:42.637Z",
    "type": "cve",
    "title": "Filename spoofing via Unicode Right-to-Left Override in Firefox for iOS",
    "source": "mozilla",
    "references": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984683\nhttps://www.mozilla.org/security/advisories/mfsa2025-97/",
    "id": "CVE-2025-14744",
    "bulletinFamily": "",
    "cwe": [
        "CWE-451"
    ],
    "cvelist": null,
    "sourceData": "Mozilla Firefox for iOS unspecified",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Firefox for iOS",
    "version": "unspecified",
    "vendor": "Mozilla",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Filename spoofing via Unicode Right-to-Left Override in Firefox for iOS_CVE-2025-14744