{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-55033","assignerOrgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","state":"PUBLISHED","assignerShortName":"mozilla","dateReserved":"2025-08-05T13:26:34.686Z","datePublished":"2025-08-19T20:52:51.056Z","dateUpdated":"2026-04-13T14:28:59.196Z"},"containers":{"cna":{"affected":[{"product":"Focus for iOS","vendor":"Mozilla","versions":[{"status":"unaffected","version":"142","lessThanOrEqual":"*","versionType":"rpm"}]}],"descriptions":[{"lang":"en","value":"Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142.","supportingMedia":[{"type":"text/html","base64":false,"value":"Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142."}]}],"title":"Drag and drop gestures in Focus for iOS could allow JavaScript links to be executed incorrectly","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1913825"},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-69/"}],"credits":[{"lang":"en","value":"Muneaki Nishimura"}],"providerMetadata":{"orgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","shortName":"mozilla","dateUpdated":"2026-04-13T14:28:59.196Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}],"metrics":[{"cvssV3_1":{"scope":"CHANGED","version":"3.1","baseScore":6.1,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","integrityImpact":"LOW","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-08-20T14:00:44.408015Z","id":"CVE-2025-55033","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-20T15:16:49.367Z"}}]}}