CVE-2025-55029

7.5 HIGH

📋 TL;DR

This vulnerability in Firefox for iOS allows malicious scripts to bypass the popup blocker, enabling attackers to open excessive new tabs. This could lead to denial of service by consuming device resources and disrupting user experience. Only Firefox for iOS users with versions below 142 are affected.

💻 Affected Systems

Products:
  • Firefox for iOS
Versions: All versions < 142
Operating Systems: iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Firefox browser on iOS devices; other browsers and Firefox on other platforms are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete browser unresponsiveness and device performance degradation due to resource exhaustion from infinite tab spawning, potentially requiring app or device restart.

🟠 Likely Case

Browser becomes slow or unresponsive due to multiple popup tabs opening, forcing users to close Firefox or restart their device to regain functionality.

🟢 If Mitigated

Minimal impact with proper popup blocking settings and an updated browser version, though some temporary disruption may occur before the tabs are closed.

🌐 Internet-Facing: HIGH - Any website visited by vulnerable users can trigger this exploit without authentication.
🏢 Internal Only: LOW - This is a client-side browser vulnerability, not affecting internal network services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires visiting a malicious website but no user interaction beyond that. The vulnerability is publicly documented in Mozilla's advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox for iOS 142

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-68/

Restart Required: Yes

Instructions:

1. Open the App Store on your iOS device.
2. Search for Firefox.
3. Tap Update next to Firefox.
4. Wait for the installation to complete.
5. Restart the Firefox browser.

🔧 Temporary Workarounds

Enable Strict Popup Blocker (applies to: all)

Configure Firefox to block all popups, though this may not fully prevent the bypass.

Use Alternative Browser (applies to: all)

Temporarily switch to Safari or another browser until Firefox is updated.

🧯 If You Can't Patch

  • Avoid visiting untrusted websites and use browser extensions that block malicious scripts.
  • Regularly close unused tabs and monitor browser performance for unusual behavior.

🔍 How to Verify

Check if Vulnerable:

Open Firefox on iOS, go to Settings > About Firefox, and check whether the version is below 142.

Check Version:

Not applicable for iOS; check via app settings.

Verify Fix Applied:

After updating, confirm that the version is 142 or higher in Settings > About Firefox.

📡 Detection & Monitoring

Log Indicators:

  • Multiple tab creation events in rapid succession
  • Browser crash or freeze logs

Network Indicators:

  • Multiple requests to the same malicious domain for popup content

SIEM Query:

Not typically applicable for client-side browser vulnerabilities on mobile devices.