CVE-2025-14744

6.5 MEDIUM

📋 TL;DR

This vulnerability allows malicious websites to use Unicode Right-to-Left Override (RTLO) characters to spoof filenames in Firefox for iOS downloads UI. Attackers could trick users into saving files with unexpected file extensions, potentially leading to malware execution. Only Firefox for iOS versions before 144.0 are affected.

💻 Affected Systems

Products:
  • Firefox for iOS
Versions: All versions < 144.0
Operating Systems: iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Firefox browser on iOS devices; other browsers and platforms are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Users download what appears to be a safe file (such as a .pdf) but actually receive executable malware (an .exe disguised as a .pdf), leading to device compromise.

🟠 Likely Case

Users download files with incorrect extensions, potentially opening malicious content in inappropriate applications or being tricked into running scripts.

🟢 If Mitigated

Users notice the unusual filename or browser warnings, preventing file execution.

🌐 Internet-Facing: MEDIUM - Requires user interaction with malicious website but affects all Firefox for iOS users.
🏢 Internal Only: LOW - Primarily an external web-based attack vector.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires a user to visit a malicious website and initiate a download, but no authentication or special privileges are needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 144.0

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-97/

Restart Required: No

Instructions:

1. Open the App Store on the iOS device.
2. Search for Firefox.
3. Tap Update to install version 144.0 or later.
4. Launch Firefox to apply the update.

🔧 Temporary Workarounds

Use alternative browser (iOS)

Temporarily use Safari or other browsers until Firefox is updated.

Disable automatic downloads (iOS)

Configure Firefox to ask before downloading files.

🧯 If You Can't Patch

  • Educate users to verify file extensions before opening downloaded files
  • Implement web filtering to block known malicious sites

🔍 How to Verify

Check if Vulnerable:

Check the Firefox version in Settings > About Firefox. If the version is lower than 144.0, the device is vulnerable.

Check Version:

Not applicable for iOS - check via app interface

Verify Fix Applied:

Confirm Firefox version is 144.0 or higher in Settings > About Firefox.

📡 Detection & Monitoring

Log Indicators:

  • Unusual download filenames containing RTLO characters
  • Multiple failed file type validations

Network Indicators:

  • Connections to suspicious domains followed by downloads
  • HTTP requests with unusual filename parameters

SIEM Query:

source="firefox_ios" AND (event="download" AND filename MATCHES "\\u202E")
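The SIEM query above matches only the literal U+202E (RIGHT-TO-LEFT OVERRIDE) code point. The following Python script is an added example for defenders, not code from Mozilla or from this advisory: it shows why an RTLO filename such as `invoice<U+202E>fdp.exe` is rendered as `invoiceexe.pdf`, flags every Unicode bidi override/embedding/isolate control (not just U+202E), reports the extension the OS will actually use versus the one a user sees, and scans a few constructed download-log lines in the `event=download filename="..."` shape the query assumes. The log format, field names and sample filenames are assumptions made for the example; the simplified rendering model only reverses the text after U+202E, which is enough to show the spoof but is not the full Unicode bidi algorithm.

```python
"""Detect bidi-override filename spoofing (RTLO) in download names and logs.

Added example for this advisory; the log line format below is a constructed
assumption, not real Firefox for iOS telemetry.
"""
import re
import unicodedata

# Explicit bidi controls that can reorder or hide part of a displayed string.
# U+202E (RIGHT-TO-LEFT OVERRIDE) is the classic RTLO trick; the others are the
# remaining embedding/override/isolate controls that deserve the same scrutiny.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
}


def find_bidi_controls(name):
    """Return (index, 'U+XXXX', unicode name) for each bidi control in name."""
    return [
        (i, f"U+{ord(ch):04X}", unicodedata.name(ch))
        for i, ch in enumerate(name)
        if ch in BIDI_CONTROLS
    ]


def sanitize(name):
    """Strip bidi controls so the name displays in logical (storage) order."""
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)


def actual_extension(name):
    """Extension the OS uses: text after the last '.' once controls are removed."""
    stripped = sanitize(name)
    return stripped.rsplit(".", 1)[-1].lower() if "." in stripped else ""


def rendered_view(name):
    """Simplified model of what a naive UI shows: text after U+202E appears
    reversed. Good enough to demonstrate the spoof; not the full bidi algorithm."""
    if "\u202e" not in name:
        return name
    head, _, tail = name.partition("\u202e")
    return head + tail[::-1]


def assess(name):
    """Compare the displayed extension with the real one and flag mismatches."""
    controls = find_bidi_controls(name)
    shown = rendered_view(name)
    actual = actual_extension(name)
    displayed = actual_extension(shown)
    return {
        "filename_repr": repr(name),          # escapes make the control visible
        "bidi_controls": controls,
        "rendered_as": shown,
        "actual_extension": actual,
        "displayed_extension": displayed,
        "spoofed": bool(controls) and actual != displayed,
        "sanitized": sanitize(name),
    }


# Constructed sample log lines (assumed shape, not real Firefox for iOS logs).
SAMPLE_LOG = [
    'source=firefox_ios event=download filename="quarterly-report.pdf"',
    'source=firefox_ios event=download filename="invoice\u202efdp.exe"',
    'source=firefox_ios event=download filename="photo\u202egnp.scr"',
    'source=firefox_ios event=download filename="notes.txt"',
]

_FILENAME_RE = re.compile(r'filename="([^"]*)"')


def scan_log(lines):
    """Return an assessment for every download line whose name carries a bidi control."""
    hits = []
    for line in lines:
        match = _FILENAME_RE.search(line)
        if not match:
            continue
        report = assess(match.group(1))
        if report["bidi_controls"]:
            hits.append(report)
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["filename_repr"]}: shown as "{hit["rendered_as"]}", '
              f'displayed ext .{hit["displayed_extension"]}, '
              f'real ext .{hit["actual_extension"]}, spoofed={hit["spoofed"]}')
```

In a real pipeline the `sanitize` output (or the `repr` form) is what should land in the log field, so that the SIEM query and human reviewers see the control character rather than a reordered display string.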

🔗 References
