9.8 CVE-2025-55031
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects Firefox for iOS < 142 and Focus for iOS < 142.
https://nvd.nist.gov/vuln/detail/CVE-2025-55031
Categories
CWE-601
References
security@mozilla.org
| Url | Tags |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1979499 | Issue Tracking, Permissions Required |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1979804 | Issue Tracking, Permissions Required |
| https://www.mozilla.org/security/advisories/mfsa2025-68/ | Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2025-69/ | Vendor Advisory |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | | |
| cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:* | < 142.0 | |
| cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:* | < 142.0 | |
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | | | |
POC Github
| Url |
|---|
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | | |
