Vulnerability · NVD

CVE-2026-9309

MEDIUM 5.4 Published on 2026-06-01

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScript execution in an internal origin. This vulnerability was fixed in Firefox for iOS 151.2.

Attack vector : Network No privileges required

Show raw CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS 0.04% exploit very unlikely percentile 11.5%

Tracked apps referencing this CVE

For each app: the affected range, the fixing version, and where the tracked app stands today.

Firefox iOS org.mozilla.ios.Firefox

Affected <151.2 Fixed in 151.2 Latest tracked 151.2 patched

Observed affected builds (27)

151.1 151.0 150.3 150.2 150.1 150.0 149.3 149.2 149.1 149.0 148.3 148.2 148.1 148.0 147.5 147.4 147.3 147.2.1 147.2 147.1 147.0 146.1 146.0 145.3 145.2 145.1 145.0

Vulnerable CPE configurations (1)

Vendor	Product	Platform	Versions	CPE 2.3 URI
mozilla	firefox iOS	iOS	<151.2	cpe:2.3:a:mozilla:firefox::::::iphone_os::*

View on NVD ↗