Firefox iOS 152.3 - UI Address Bar Leak via Sync JS Dialog
CVE-2026-13356 Published on July 6, 2026
Interrupted navigation could allow address bar origin spoofing in Firefox for iOS
A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3.
Products Associated with CVE-2026-13356
Want to know whenever a new CVE is published for Mozilla Firefox? stack.watch will email you.
Affected Versions
Mozilla Firefox for iOS:- Version 152.3, <= * is unaffected.