Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-55031

Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects Firefox for iOS < 142 and Focus for iOS < 142.

Published

2025-08-19T21:15:28.340

Last Modified

2025-08-21T18:38:56.970

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	< 142.0	Yes
Application	mozilla	firefox_focus	< 142.0	Yes

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1979499 Issue Tracking, Permissions Required ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=1979804 Issue Tracking, Permissions Required ([email protected])
https://www.mozilla.org/security/advisories/mfsa2025-68/ Vendor Advisory ([email protected])
https://www.mozilla.org/security/advisories/mfsa2025-69/ Vendor Advisory ([email protected])