GHSA-6xv8-mg86-mq56MediumCVSS 4.3

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP...

Published
June 16, 2026
Last Modified
June 16, 2026

🔗 CVE IDs covered (1)

📋 Description

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0.

🔗 References (4)