CVE Catalog

CVE-2026-53900

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

1th percentile — higher than 1% of all known CVEs

Summary

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain.

Risk Assessment

This vulnerability may lead to session theft or unauthorized access to data on unrelated sites, posing a significant security risk to users.

Recommendation

It is recommended to update Firefox for iOS to version 152.0 or later to mitigate this vulnerability.

Original NVD description (English source)

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS