Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-55028

CVE-2025-55028: Mozilla Firefox DOS Vulnerability

CVE-2025-55028 is a denial of service vulnerability in Mozilla Firefox for iOS caused by malicious scripts using repetitive JavaScript alerts. This article covers the technical details, affected versions, and mitigation steps.

Published:

CVE-2025-55028 Overview

CVE-2025-55028 is a denial of service vulnerability affecting Firefox for iOS. Malicious scripts using repetitive JavaScript alert() calls can block client user interaction and render the browser unresponsive. Mozilla addressed the issue in Firefox for iOS 142. The vulnerability is tracked under CWE-400: Uncontrolled Resource Consumption and requires user interaction to trigger, typically by navigating to an attacker-controlled page.

Critical Impact

Attackers can lock the Firefox for iOS browser through repeated JavaScript alert dialogs, blocking user input and forcing termination of the browser session.

Affected Products

  • Mozilla Firefox for iOS (versions prior to 142)
  • iOS platform builds identified by CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*
  • Mobile browser component mozilla:firefox

Discovery Timeline

  • 2025-08-19 - CVE-2025-55028 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2025-55028

Vulnerability Analysis

The vulnerability resides in how Firefox for iOS handles repeated JavaScript alert() dialog invocations. A malicious webpage can issue alert() calls in a tight loop or recursive callback, generating a continuous stream of modal dialogs. Firefox for iOS fails to throttle or suppress these dialogs adequately, preventing the user from dismissing them or interacting with browser chrome.

Because alert() is a synchronous, modal API in web browsers, each invocation blocks the JavaScript event loop until the user acknowledges the dialog. When abuse produces an unbounded chain of alerts, the browser tab becomes unresponsive. On iOS, where users cannot easily kill individual tabs, the entire browser process may need to be terminated. See the Mozilla Security Advisory MFSA-2025-68 for vendor details.

Root Cause

The root cause is the absence of a rate limit or user-controlled suppression mechanism on repeated JavaScript alert dialogs. Modern desktop browsers typically present a checkbox after several alerts to prevent additional dialogs from a given origin. Firefox for iOS lacked equivalent guardrails, allowing scripted repetition to exhaust user interaction paths.

Attack Vector

Exploitation requires the victim to visit an attacker-controlled URL or a legitimate site hosting malicious script content, for example through a cross-site scripting flaw or malvertising. Once loaded, embedded JavaScript issues alert() calls repeatedly, either in a while loop or via setTimeout callbacks. The browser becomes locked until the user force-closes the application. No authentication is required and the attack works over the network against any user browsing to the malicious content.

No public proof-of-concept or exploit code has been observed for this issue. Refer to Mozilla Bug Report #1850240 for the upstream tracking record.

Detection Methods for CVE-2025-55028

Indicators of Compromise

  • Firefox for iOS sessions that hang or require force-termination shortly after loading a specific URL.
  • Mobile telemetry showing repeated alert() invocations from a single origin within short time windows.
  • User reports of persistent dialog prompts that cannot be dismissed on iOS devices.

Detection Strategies

  • Inspect HTTP proxy or web gateway logs for pages returning JavaScript containing looped alert() constructs or recursive dialog handlers.
  • Correlate mobile device management (MDM) crash reports for Firefox for iOS with URL browsing history to identify abusive origins.
  • Use content inspection at the network edge to flag scripts calling window.alert inside while (true) or high-frequency timer callbacks.

Monitoring Recommendations

  • Track installed Firefox for iOS versions across managed devices to identify hosts still running versions prior to 142.
  • Monitor threat intelligence feeds for URLs weaponizing browser DoS techniques against mobile users.
  • Log user-reported browser crashes and correlate with recently visited domains to surface abusive sites.

How to Mitigate CVE-2025-55028

Immediate Actions Required

  • Update Firefox for iOS to version 142 or later through the Apple App Store on all managed and personal devices.
  • Communicate the update requirement to end users via internal advisories and MDM notifications.
  • Block known malicious domains delivering DoS scripts at the corporate DNS or secure web gateway layer.

Patch Information

Mozilla fixed the issue in Firefox for iOS 142. Details are available in the Mozilla Security Advisory MFSA-2025-68. Users should install the update from the App Store, and administrators managing iOS fleets should push the update through their MDM solution.

Workarounds

  • Instruct users to avoid untrusted links on iOS until Firefox for iOS is updated to version 142.
  • Recommend an alternate mobile browser temporarily on devices where the update cannot be applied immediately.
  • Force-close Firefox for iOS from the app switcher if repeated dialog prompts appear, then avoid revisiting the triggering URL.
bash
# Verify Firefox for iOS version via MDM query (example: Jamf Pro)
# Query installed application version and flag devices below 142
curl -s -u "$JAMF_USER:$JAMF_PASS" \
  "$JAMF_URL/JSSResource/computerapplications/name/Firefox.app/version/142" \
  -H "Accept: application/xml"

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.