Description
Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability was fixed in Firefox for iOS 136.
Published: 2025-03-04
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Address Bar Spoofing (Phishing)
Action: Patch
AI Analysis

Impact

The vulnerability is an open redirect flaw that lets a website redirect the user to a URL with a non-http scheme, such as a custom scheme or an app-specific URL. The address bar can then keep showing a legitimate domain while the user is actually taken to a malicious page or application, which makes phishing and credential theft more likely. The weakness is classified as CWE-601 (URL Redirection to Untrusted Site), meaning an attacker can redirect a user to an arbitrary external site or scheme without validation.

Affected Systems

Mozilla Firefox for iOS is affected in all versions released before 136. The fix shipped in Firefox for iOS 136, so any earlier release leaves users exposed to this address bar spoofing risk on iOS devices.

Risk and Exploitability

The CVSS score of 4.3 places the vulnerability in the medium severity band, and the EPSS score of less than 1% indicates a very low probability of exploitation under current conditions. The vulnerability is not listed in the CISA KEV catalog. An attacker would only need to craft a malicious link that triggers a server-side redirect to a non-http scheme, which is feasible from an ordinary web page or email, but the victim must interact with the redirect for the spoof to occur. No elevated privileges or additional exploits are needed for the attack to succeed.

Generated by OpenCVE AI on April 20, 2026 at 18:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Firefox for iOS to version 136 or later, which contains the fix for non-HTTP scheme redirect handling.
  • If an update is temporarily unavailable, use a mobile security tool or network filter to block redirects from untrusted origins that target non-http schemes.
  • Educate users not to trust the URL shown in the address bar when it does not match the site they expect to be visiting or otherwise looks suspicious.



Advisories

Source: EUVD
ID: EUVD-2025-7772
Title: Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136.
History

Mon, 13 Apr 2026 15:00:00 +0000

Type: Description
  Values removed: Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136.
  Values added: Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability was fixed in Firefox for iOS 136.

Type: Title
  Values added: Firefox Mobile iOS Address Bar Spoof Using Server-Side Redirect to non-http Scheme

Fri, 28 Mar 2025 20:30:00 +0000

Type: First Time appeared
  Values added:
    Apple
    Apple iphone Os
    Mozilla
    Mozilla firefox

Type: CPEs
  Values added:
    cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*

Type: Vendors & Products
  Values added:
    Apple
    Apple iphone Os
    Mozilla
    Mozilla firefox

Tue, 04 Mar 2025 16:15:00 +0000

Type: Weaknesses
  Values added: CWE-601

Type: Metrics
  Values added:
    cvssV3_1
    {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

    ssvc
    {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 04 Mar 2025 13:45:00 +0000

Type: Description
  Values added: Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136.
References

MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:29:04.860Z

Reserved: 2025-02-24T20:03:31.187Z

Link: CVE-2025-27424

Vulnrichment

Updated: 2025-03-04T15:30:02.838Z

NVD

Status: Modified

Published: 2025-03-04T14:15:39.397

Modified: 2026-04-13T15:16:55.137

Link: CVE-2025-27424

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T18:30:13Z

Weaknesses