Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Download Firefox ESR 64-bit

Download Firefox ESR 32-bit

Download a different build

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Download Firefox ESR
Firefox Privacy Notice
Get Mozilla VPN

Mozilla Foundation Security Advisory 2020-34

Security Vulnerabilities fixed in Firefox for iOS 28

Announced
July 28, 2020
Impact
high
Products
Firefox for iOS
Fixed in
  • Firefox for iOS 28

#CVE-2020-15662: Download JS user script can be overidden

Reporter
Muneaki Nishimura
Impact
high
Description

A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file.

References

#CVE-2020-15661: Login JS user script can be overidden

Reporter
Muneaki Nishimura
Impact
high
Description

A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain.

References

#CVE-2020-15651: Download Feature: unicode RTLO char can fake the file extension

Reporter
superxx
Impact
low
Description

A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension.

References