Firefox for iOS 151.1: RTL/IDN Link Preview Spoof Vulnerability
CVE-2026-9078 Published on May 25, 2026

Firefox iOS RTL Domain Rendering Issue in Link Preview
Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This vulnerability was fixed in Firefox for iOS 151.1.

NVD

Products Associated with CVE-2026-9078

Want to know whenever a new CVE is published for Mozilla Firefox? stack.watch will email you.

Mozilla Firefox

Affected Versions

Mozilla Firefox for iOS:

Version 151.1, <= * is unaffected.

Firefox for iOS 151.1: RTL/IDN Link Preview Spoof VulnerabilityCVE-2026-9078 Published on May 25, 2026

Products Associated with CVE-2026-9078

Affected Versions

Firefox for iOS 151.1: RTL/IDN Link Preview Spoof Vulnerability
CVE-2026-9078 Published on May 25, 2026