CVE-2026-53900 is a vulnerability in Mozilla Firefox
Published on June 16, 2026

Cookie injection was possible when opening a PDF link
Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0.

NVD

Products Associated with CVE-2026-53900

Want to know whenever a new CVE is published for Mozilla Firefox? stack.watch will email you.

Mozilla Firefox

Affected Versions

Mozilla Firefox for iOS:

Version 152.0, <= * is unaffected.

CVE-2026-53900 is a vulnerability in Mozilla FirefoxPublished on June 16, 2026

Products Associated with CVE-2026-53900

Affected Versions

CVE-2026-53900 is a vulnerability in Mozilla Firefox
Published on June 16, 2026