Medium severity5.4NVD Advisory· Published May 25, 2026· Updated May 28, 2026
CVE-2026-9078
CVE-2026-9078
Description
Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This vulnerability was fixed in Firefox for iOS 151.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <151.1
Patches
Vulnerability mechanics
References
2- www.mozilla.org/security/advisories/mfsa2026-52/nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdPermissions Required
News mentions
0No linked articles in our index yet.