{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-54143", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-07-17T02:35:52.284Z", "datePublished": "2025-08-19T20:52:47.450Z", "dateUpdated": "2026-04-13T14:30:52.883Z"}, "containers": {"cna": {"affected": [{"product": "Firefox for iOS", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "141", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141."}]}], "title": "Sandboxed iframes could allow local downloads despite sandbox restrictions", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1912671"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-60/"}], "credits": [{"lang": "en", "value": "Narendra Bhati"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:52.883Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-693", "lang": "en", "description": "CWE-693 Protection Mechanism Failure"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-08-20T14:02:56.087696Z", "id": "CVE-2025-54143", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-20T15:17:47.691Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-54143", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-20T14:02:56.087696Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-693", "description": "CWE-693 Protection Mechanism Failure"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-20T14:03:00.609Z"}}], "cna": {"title": "Sandboxed iframes could allow local downloads despite sandbox restrictions", "credits": [{"lang": "en", "value": "Narendra Bhati"}], "affected": [{"vendor": "Mozilla", "product": "Firefox for iOS", "versions": [{"status": "unaffected", "version": "141", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1912671"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-60/"}], "descriptions": [{"lang": "en", "value": "Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141.", "supportingMedia": [{"type": "text/html", "value": "Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:52.883Z"}}}, "cveMetadata": {"cveId": "CVE-2025-54143", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:30:52.883Z", "dateReserved": "2025-07-17T02:35:52.284Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-08-19T20:52:47.450Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "49B2D080-DBF5-4711-8563-B24D688F8B31", "versionEndExcluding": "141.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141."}, {"lang": "es", "value": "Los iframes de la sandbox en p\u00e1ginas web podr\u00edan permitir descargas al dispositivo, eludiendo las restricciones de espacio aislado esperadas declaradas en la p\u00e1gina principal. Esta vulnerabilidad afecta a Firefox para iOS < 141."}], "id": "CVE-2025-54143", "lastModified": "2026-04-13T15:17:01.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-08-19T21:15:27.557", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1912671"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-60/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-693"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T19:51:37.461724+00:00", "value": {"mitigation_remediation": ["Update Firefox for iOS to version 141 or later to apply the vendor\u2019s fix.", "If an immediate update is not possible, avoid browsing sites that use sandboxed iframes for downloading content, or use a different browser that correctly enforces sandbox restrictions.", "Configure the device to require explicit user confirmation for file downloads, and disable automatic download of unknown file types."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized local file downloads bypassing sandbox restrictions"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox for iOS is affected. Versions before 141 contain the flaw, while version 141 and later incorporate the fix that prevents the sandboxed iframe download bypass.", "description_and_impact": "Sandboxed iframes on webpages can trigger a file download on the device even when the parent page declares sandbox restrictions. This flaw allows a user to receive a download intended to be blocked by the sandbox, representing an improper verification or authorization weakness (CWE-693). The impact is the unauthorized acquisition of data on the device without user consent.", "risk_and_exploitability": "The CVSS score of 9.8 classifies this vulnerability as critical. The EPSS score of less than 1% indicates a low probability of observed exploitation at this time. The flaw is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker could embed a sandboxed iframe in a malicious or compromised website presented to a user on an iOS device, causing the browser to initiate a download that bypasses the intended sandbox limits."}}}}, "created": "2025-08-21T12:31:41.709981+00:00", "updated": "2026-04-20T20:00:10.510534+00:00", "vendors": ["apple", "apple$PRODUCT$ios", "mozilla", "mozilla$PRODUCT$firefox_for_ios"]}