CVE-2025-14744

EUVD-2025-204291
Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS < 144.0.
UI
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA-ADPADP
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
jammy
not-affected
noble
not-affected
plucky
not-affected
questing
not-affected
thunderbird
jammy
not-affected
noble
not-affected
plucky
not-affected
questing
not-affected
Common Weakness Enumeration
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1984683
https://www.mozilla.org/security/advisories/mfsa2025-97/