Description
Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was fixed in Firefox for iOS 151.2.
Published: 2026-06-01
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Firefox for iOS Reader View replaces page content in an HTML template before substituting other internal placeholders. A malicious page can embed a placeholder string that later receives JSON‑LD data, causing arbitrary JavaScript execution within the Reader View context. The flaw falls under the Cross‑Site Scripting (CWE‑79) family, enabling code execution that could lead to data exfiltration or session hijacking if a user activates Reader View on a compromised site.

Affected Systems

The vulnerability affects Mozilla’s Firefox for iOS. Users running Firefox for iOS prior to version 151.2 are impacted; the issue was addressed in Firefox for iOS 151.2 and later editions.

Risk and Exploitability

The CVSS score of 5.4 indicates a medium severity, reflecting the potential for remote code execution. The EPSS score is not available, and the flaw is not listed in the CISA KEV catalog, suggesting it is a newly identified issue with no known public exploits yet. The likely attack vector is a crafted web page that a user opens in Reader View, with the incorrect placeholder replacement triggering the payload. Because the flaw resides in browser rendering logic, it can be exploited by any user visiting a malicious site while enabling Reader View.

Generated by OpenCVE AI on June 1, 2026 at 16:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Firefox for iOS to version 151.2 or later to receive the fix for placeholder replacement order.
  • If upgrading immediately is not feasible, disable Reader View in the browser settings to prevent the vulnerable rendering path from executing.
  • Subscribe to Mozilla security advisories and monitor release notes for future updates.

Generated by OpenCVE AI on June 1, 2026 at 16:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla firefox
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*
Vendors & Products Mozilla firefox

Mon, 01 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox For Ios
Vendors & Products Mozilla
Mozilla firefox For Ios

Mon, 01 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 13:00:00 +0000

Type Values Removed Values Added
Description Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was fixed in Firefox for iOS 151.2.
Title Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order
References

Subscriptions

Mozilla Firefox Firefox For Ios
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-06-01T13:52:59.059Z

Reserved: 2026-05-22T18:16:25.742Z

Link: CVE-2026-9308

cve-icon Vulnrichment

Updated: 2026-06-01T13:52:02.702Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-01T13:16:33.523

Modified: 2026-06-03T20:02:52.693

Link: CVE-2026-9308

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T16:30:06Z

Weaknesses