Vulnerability Details CVE-2025-14744
Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.5%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2025-14744
-
cpe:2.3:a:mozilla:firefox:-
-
cpe:2.3:a:mozilla:firefox:102.0
-
cpe:2.3:a:mozilla:firefox:119.0
-
cpe:2.3:a:mozilla:firefox:120.0
-
cpe:2.3:a:mozilla:firefox:127.0
-
cpe:2.3:a:mozilla:firefox:129
-
cpe:2.3:a:mozilla:firefox:14.0
-
cpe:2.3:a:mozilla:firefox:15.0
-
cpe:2.3:a:mozilla:firefox:15.1
-
cpe:2.3:a:mozilla:firefox:16.0
-
cpe:2.3:a:mozilla:firefox:16.1
-
cpe:2.3:a:mozilla:firefox:16.2
-
cpe:2.3:a:mozilla:firefox:17.0
-
cpe:2.3:a:mozilla:firefox:17.1
-
cpe:2.3:a:mozilla:firefox:17.2
-
cpe:2.3:a:mozilla:firefox:17.3
-
cpe:2.3:a:mozilla:firefox:18.0
-
cpe:2.3:a:mozilla:firefox:18.1
-
cpe:2.3:a:mozilla:firefox:18.2
-
cpe:2.3:a:mozilla:firefox:19.0
-
cpe:2.3:a:mozilla:firefox:19.1
-
cpe:2.3:a:mozilla:firefox:20.0
-
cpe:2.3:a:mozilla:firefox:20.1
-
cpe:2.3:a:mozilla:firefox:20.2
-
cpe:2.3:a:mozilla:firefox:21.0
-
cpe:2.3:a:mozilla:firefox:22.0
-
cpe:2.3:a:mozilla:firefox:23.0
-
cpe:2.3:a:mozilla:firefox:24.0
-
cpe:2.3:a:mozilla:firefox:24.1
-
cpe:2.3:a:mozilla:firefox:25.0
-
cpe:2.3:a:mozilla:firefox:25.1
-
cpe:2.3:a:mozilla:firefox:26.0
-
cpe:2.3:a:mozilla:firefox:27.0
-
cpe:2.3:a:mozilla:firefox:28.0