CVE-2025-55033

CVE Database · CVE-2025-55033

CVE-2025-55033

· MEDIUMModified

CVSS v3.1

6.1

EPSS

0.15%

Published

Aug 19, 2025

Modified

Apr 13, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79

Affected Products (1)

mozilla · firefox_focus (up to 142.0)vulnerable

References (2)

https://bugzilla.mozilla.org/show_bug.cgi?id=1913825

Issue TrackingPermissions Required

https://www.mozilla.org/security/advisories/mfsa2025-69/

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs