Firefox iOS 152.4: PDF Title Exploit Overwrites Files
CVE-2026-14906 Published on July 13, 2026
Malicious webpage titles could allow overwriting of bundled PDF resources when saving webpages as PDFs in Firefox for iOS
Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4.
Vulnerability Analysis
CVE-2026-14906 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is an Unrestricted File Upload Vulnerability?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2026-14906 has been classified to as an Unrestricted File Upload vulnerability or weakness.
Products Associated with CVE-2026-14906
Want to know whenever a new CVE is published for Mozilla Firefox? stack.watch will email you.
Affected Versions
Mozilla Firefox for iOS:- Version 152.4, <= * is unaffected.