CVE-2025-54143

EUVD-2025-25230
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
jammy
not-affected
noble
not-affected
plucky
not-affected
thunderbird
jammy
not-affected
noble
not-affected
plucky
not-affected
Common Weakness Enumeration
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1912671
https://www.mozilla.org/security/advisories/mfsa2025-60/