Vulnerability Details CVE-2026-53899
Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 1.2%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2026-53899
-
cpe:2.3:a:mozilla:firefox_mobile:*