Vulnerability Details CVE-2025-54143
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.6%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2025-54143
-
cpe:2.3:a:mozilla:firefox:-
-
cpe:2.3:a:mozilla:firefox:102.0
-
cpe:2.3:a:mozilla:firefox:119.0
-
cpe:2.3:a:mozilla:firefox:120.0
-
cpe:2.3:a:mozilla:firefox:127.0
-
cpe:2.3:a:mozilla:firefox:129
-
cpe:2.3:a:mozilla:firefox:14.0
-
cpe:2.3:a:mozilla:firefox:15.0
-
cpe:2.3:a:mozilla:firefox:15.1
-
cpe:2.3:a:mozilla:firefox:16.0
-
cpe:2.3:a:mozilla:firefox:16.1
-
cpe:2.3:a:mozilla:firefox:16.2
-
cpe:2.3:a:mozilla:firefox:17.0
-
cpe:2.3:a:mozilla:firefox:17.1
-
cpe:2.3:a:mozilla:firefox:17.2
-
cpe:2.3:a:mozilla:firefox:17.3
-
cpe:2.3:a:mozilla:firefox:18.0
-
cpe:2.3:a:mozilla:firefox:18.1
-
cpe:2.3:a:mozilla:firefox:18.2
-
cpe:2.3:a:mozilla:firefox:19.0
-
cpe:2.3:a:mozilla:firefox:19.1
-
cpe:2.3:a:mozilla:firefox:20.0
-
cpe:2.3:a:mozilla:firefox:20.1
-
cpe:2.3:a:mozilla:firefox:20.2
-
cpe:2.3:a:mozilla:firefox:21.0
-
cpe:2.3:a:mozilla:firefox:22.0
-
cpe:2.3:a:mozilla:firefox:23.0
-
cpe:2.3:a:mozilla:firefox:24.0
-
cpe:2.3:a:mozilla:firefox:24.1
-
cpe:2.3:a:mozilla:firefox:25.0
-
cpe:2.3:a:mozilla:firefox:25.1
-
cpe:2.3:a:mozilla:firefox:26.0
-
cpe:2.3:a:mozilla:firefox:27.0
-
cpe:2.3:a:mozilla:firefox:28.0