{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-14744","assignerOrgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","state":"PUBLISHED","assignerShortName":"mozilla","dateReserved":"2025-12-15T19:44:44.939Z","datePublished":"2025-12-18T14:21:12.328Z","dateUpdated":"2026-04-13T14:31:42.899Z"},"containers":{"cna":{"affected":[{"product":"Firefox for iOS","vendor":"Mozilla","versions":[{"status":"unaffected","version":"144.0","lessThanOrEqual":"*","versionType":"rpm"}]}],"descriptions":[{"lang":"en","value":"Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0.","supportingMedia":[{"type":"text/html","base64":false,"value":"Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0."}]}],"title":"Filename spoofing via Unicode Right-to-Left Override in Firefox for iOS","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1984683"},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-97/"}],"credits":[{"lang":"en","value":"Azril"}],"providerMetadata":{"orgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","shortName":"mozilla","dateUpdated":"2026-04-13T14:31:42.899Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-451","lang":"en","description":"CWE-451 User Interface (UI) Misrepresentation of Critical Information"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.5,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-12-18T19:12:45.595694Z","id":"CVE-2025-14744","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-18T19:19:42.637Z"}}]}}