CVE Catalog

CVE-2026-53899

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site.

Risk Assessment

This vulnerability may lead to session theft and unauthorized access to user data, posing a significant security risk to the organization.

Recommendation

It is recommended to update Firefox for iOS to version 152.0 or newer to mitigate this vulnerability.

Original NVD description (English source)

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS