CVE-2025-54144

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-54144
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1946062 Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2025-60/ Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*
History

13 Apr 2026, 15:17

Type Values Removed Values Added
Summary (en) The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link This vulnerability affects Firefox for iOS < 141. (en) The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141.

21 Aug 2025, 18:39

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*
First Time Mozilla firefox
Mozilla
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1946062 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1946062 - Issue Tracking, Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2025-60/ - () https://www.mozilla.org/security/advisories/mfsa2025-60/ - Vendor Advisory

20 Aug 2025, 16:15

Type Values Removed Values Added
CWE CWE-601
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.4

20 Aug 2025, 14:40

Type Values Removed Values Added
Summary
  • (es) El esquema de URL utilizado por Firefox para facilitar la búsqueda de consultas de texto podría permitir incorrectamente a los atacantes abrir URL de sitios web arbitrarios o páginas internas si un usuario fue engañado para hacer clic en un enlace. Esta vulnerabilidad afecta a Firefox para iOS &lt; 141.

19 Aug 2025, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-19 21:15

Updated : 2026-04-13 15:17

NVD link : CVE-2025-54144

Mitre link : CVE-2025-54144

CVE.ORG link : CVE-2025-54144

JSON object : View

Products Affected

mozilla

  • firefox
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')