CVE-2026-53899
June 16, 2026, 2:51 p.m.
None
No Score
Description
Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0.
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Mozilla |
|
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
*CPE(s)
Affected systems and software identified for this CVE.
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | mozilla | firefox_for_ios | 152.0 | / | / | / | / | / | / | / |
Tags
Timeline
Published: June 16, 2026, 1:16 p.m.
Last Modified: June 16, 2026, 2:51 p.m.
Last Modified: June 16, 2026, 2:51 p.m.
Status : Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.