Description
Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScript execution in an internal origin. This vulnerability was fixed in Firefox for iOS 151.2.
Published: 2026-06-01
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Firefox for iOS Reader View failed to properly escape HTML tags in JSON‑LD metadata. A malicious web page could inject markup that altered the Reader View interface and exposed sensitive URL parameters. Those parameters could then be used to target internal pages, potentially leading to arbitrary JavaScript execution within an internal origin.

Affected Systems

Mozilla Firefox for iOS running any version prior to 151.2 is affected. The issue was addressed in Firefox for iOS 151.2, which includes proper escaping of JSON‑LD content.
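The advisory describes metadata strings from a page's JSON-LD block being turned into live markup inside the Reader View UI. The following is an added illustration, not Firefox code: it parses a constructed JSON-LD block, keeps only a few expected scalar fields, and shows the difference between interpolating those fields straight into HTML and HTML-escaping them first. The field names, the sample page metadata and the helper functions are all assumptions made for the example.

```javascript
// Added example (not Firefox for iOS code). Assumes a page's
// <script type="application/ld+json"> body has already been extracted as a
// string; a Reader View style header is rendered from selected fields of it.

// Constructed sample: an article whose headline carries HTML markup.
const SAMPLE_JSON_LD = JSON.stringify({
  "@context": "https://schema.org",
  "@type": "Article",
  "headline": "Quarterly report <b>draft</b>",
  "author": { "@type": "Person", "name": "A. Writer" },
  "datePublished": "2026-05-20",
});

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Replace the five characters that can change HTML structure or break out of
// an attribute with their entity forms.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pull only whitelisted scalar fields out of the parsed JSON-LD. Unknown keys
// and unexpected types are ignored; the result contains plain strings only.
function extractMetadata(jsonLdText) {
  let data;
  try {
    data = JSON.parse(jsonLdText);
  } catch {
    return {}; // malformed JSON-LD: render nothing rather than guess
  }
  if (Array.isArray(data)) data = data[0] ?? {}; // some pages wrap the object in an array
  const meta = {};
  if (typeof data.headline === "string") meta.headline = data.headline;
  if (typeof data.datePublished === "string") meta.datePublished = data.datePublished;
  const author = data.author;
  if (author && typeof author === "object" && typeof author.name === "string") {
    meta.author = author.name;
  } else if (typeof author === "string") {
    meta.author = author;
  }
  return meta;
}

// Unsafe variant (the class of defect the advisory describes): metadata strings
// are concatenated straight into markup, so tags inside them become real elements.
function renderHeaderUnsafe(meta) {
  return `<h1>${meta.headline ?? ""}</h1><p>${meta.author ?? ""} / ${meta.datePublished ?? ""}</p>`;
}

// Hardened variant: every field is escaped before interpolation, so page-supplied
// metadata can only ever appear as text in the rendered header.
function renderHeaderSafe(meta) {
  const h = escapeHtml(meta.headline ?? "");
  const a = escapeHtml(meta.author ?? "");
  const d = escapeHtml(meta.datePublished ?? "");
  return `<h1>${h}</h1><p>${a} / ${d}</p>`;
}

// Check used below: does the rendered output still contain a raw <tag> from the metadata?
function containsRawTag(html, tag) {
  return html.includes(`<${tag}>`);
}

const meta = extractMetadata(SAMPLE_JSON_LD);
console.log("unsafe:", renderHeaderUnsafe(meta)); // the <b> from the metadata survives as markup
console.log("safe:  ", renderHeaderSafe(meta));   // the <b> is rendered as literal text
```

In a real browser component the safer design is to avoid string-built HTML altogether and assign metadata to `textContent` of elements created with `createElement`; the string form above is used only so the example runs outside a DOM.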

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity. The EPSS score is unavailable, so the probability of exploitation is unknown, but an attacker could trigger the flaw by hosting a malicious page and inviting a user to open it in Reader View. Because the flaw permits execution of arbitrary JavaScript within an internal page, the impact is severe but no public exploits are documented and the vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on June 1, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Firefox for iOS to version 151.2 or later to apply the patch
  • Disable Reader View on the device if the patch cannot be applied immediately
  • Monitor user activity for attempts to load untrusted content and report findings to Mozilla

Generated by OpenCVE AI on June 1, 2026 at 15:50 UTC.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 20:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared  -                Mozilla firefox
CPEs                 -                cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*
Vendors & Products   -                Mozilla firefox

Mon, 01 Jun 2026 15:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared  -                Mozilla; Mozilla firefox For Ios
Vendors & Products   -                Mozilla; Mozilla firefox For Ios

Mon, 01 Jun 2026 14:30:00 +0000

Type        Values Removed   Values Added
Weaknesses  -                CWE-79
Metrics     -                cvssV3_1: {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}
                             ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 13:00:00 +0000

Type         Values Removed   Values Added
Description  -                Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScript execution in an internal origin. This vulnerability was fixed in Firefox for iOS 151.2.
Title        -                Arbitrary JavaScript execution in internal pages via Reader View JSON-LD injection
References

Subscriptions

Mozilla Firefox Firefox For Ios
MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-06-01T13:51:37.592Z

Reserved: 2026-05-22T18:16:52.497Z

Link: CVE-2026-9309

Vulnrichment

Updated: 2026-06-01T13:51:19.816Z

NVD

Status : Analyzed

Published: 2026-06-01T13:16:33.623

Modified: 2026-06-03T20:02:29.000

Link: CVE-2026-9309

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T16:00:17Z

Weaknesses