Firefox iOS 152.3 - UI Address Bar Leak via Sync JS Dialog
CVE-2026-13356 Published on July 6, 2026

Interrupted navigation could allow address bar origin spoofing in Firefox for iOS
A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3.

NVD


Products Associated with CVE-2026-13356

Want to know whenever a new CVE is published for Mozilla Firefox? stack.watch will email you.

 

Affected Versions

Mozilla Firefox for iOS: