Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs This vulnerability affects Firefox for iOS < 143.1.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 30 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-359
Metrics cvssV3_1

{'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 30 Sep 2025 13:00:00 +0000

Type Values Removed Values Added
Description Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs This vulnerability affects Firefox for iOS < 143.1.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2025-09-30T13:38:50.570Z

Reserved: 2025-09-22T18:14:38.909Z

Link: CVE-2025-10859

cve-icon Vulnrichment

Updated: 2025-09-30T13:38:09.641Z

cve-icon NVD

Status : Received

Published: 2025-09-30T13:15:48.550

Modified: 2025-09-30T14:15:37.667

Link: CVE-2025-10859

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.