CVE-2026-53900
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain.
Risk Assessment
This vulnerability may lead to session theft or unauthorized access to data on unrelated sites, posing a significant security risk to users.
Recommendation
It is recommended to update Firefox for iOS to version 152.0 or later to mitigate this vulnerability.
Original NVD description (English source)
Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0.

