CVE-2025-5020

Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS < 139.

Weakness

The product uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Ubuntu	focal	*
Mozjs102	Ubuntu	esm-apps/noble	*
Mozjs102	Ubuntu	jammy	*
Mozjs102	Ubuntu	noble	*
Mozjs115	Ubuntu	devel	*
Mozjs115	Ubuntu	noble	*
Mozjs115	Ubuntu	oracular	*
Mozjs115	Ubuntu	plucky	*
Mozjs52	Ubuntu	esm-infra/bionic	*
Mozjs52	Ubuntu	focal	*
Mozjs68	Ubuntu	focal	*
Mozjs78	Ubuntu	jammy	*
Mozjs91	Ubuntu	jammy	*
Thunderbird	Ubuntu	focal	*
Thunderbird	Ubuntu	jammy	*

Potential Mitigations

Utilize a user prompt pop-up to authorize potentially harmful actions such as those modifying data or dealing with sensitive information.
When designing functionality of actions in the URL scheme, consider whether the action should be accessible to all mobile applications, or if an allowlist of applications to interface with is appropriate.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-5020
CWE	https://cwe.mitre.org/data/definitions/939.html

Improper Authorization in Handler for Custom URL Scheme

Weakness

Affected Software

Potential Mitigations

References