Mozilla: >> Firefox Mobile >> 147.1 Security Vulnerabilities
Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-06-16
Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0.
CVSS Score
4.3
EPSS Score
0.001
Published
2026-06-16