CVE-2026-53899
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site.
Risk Assessment
This vulnerability may lead to session theft and unauthorized access to user data, posing a significant security risk to the organization.
Recommendation
It is recommended to update Firefox for iOS to version 152.0 or newer to mitigate this vulnerability.
Original NVD description (English source)
Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0.

